Search

Find a vulnerability

Search criteria

    61 vulnerabilities found for Clustered Data ONTAP by NetApp

    VAR-201908-0260

    Vulnerability from variot - Updated: 2026-04-10 23:34

    Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:

    Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

    The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update Advisory ID: RHSA-2019:2949-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949 Issue date: 2019-10-01 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517 ==================================================================== 1. Summary:

    An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    1. Description:

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):

    • HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

    • HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

    • HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service

    1. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

    Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

    Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7 P6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S GjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2 Cm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI dbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip P+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh m2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM TWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV 2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2 XUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2 uqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl I52/ZH/L3O8=N7om -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4113-2 September 17, 2019

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 19.04
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 LTS

    Summary:

    USN-4113-1 introduced a regression in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)

    Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081)

    Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)

    Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)

    Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097)

    Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)

    Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 19.04: apache2 2.4.38-2ubuntu2.3 apache2-bin 2.4.38-2ubuntu2.3

    Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.11 apache2-bin 2.4.29-1ubuntu4.11

    Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.13 apache2-bin 2.4.18-2ubuntu3.13

    In general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):

    JBCS-826 - Rebase nghttp2 to 1.39.2

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link (you must log in to download the update).

    CVE-2019-9517

    Jonathan Looney reported that a malicious client could perform a
    denial of service attack (exhausting h2 workers) by flooding a
    connection with requests and basically never reading responses on
    the TCP connection.
    

    CVE-2019-10092

    Matei "Mal" Badanoiu reported a limited cross-site scripting
    vulnerability in the mod_proxy error page. This vulnerability could only be
    triggered by a trusted proxy and not by untrusted HTTP clients. The
    issue does not affect the stretch release.
    

    CVE-2019-10098

    Yukitsugu Sasaki reported a potential open redirect vulnerability in
    the mod_rewrite module.
    

    For the oldstable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u8.

    For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN qcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i tZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C oOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A GIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF JjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX dgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le jVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH LarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS RcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz Cn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64

    3

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "_id": null,
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.1.1"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "quay",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.24"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.04"
          },
          {
            "_id": null,
            "model": "openshift service mesh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.1.0"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "graalvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19.2.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "retail xstore point of service",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.12.0"
          },
          {
            "_id": null,
            "model": "swiftnio",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.0.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.16.3"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.7.2.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.9.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.16.1"
          },
          {
            "_id": null,
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.1.0"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.8.1"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "29"
          },
          {
            "_id": null,
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "_id": null,
            "model": "communications element manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "6.2.3"
          },
          {
            "_id": null,
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.20"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.40"
          },
          {
            "_id": null,
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "10.13.0"
          },
          {
            "_id": null,
            "model": "swiftnio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "7.8.2.13"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.8.1"
          },
          {
            "_id": null,
            "model": "node.js",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "nodejs",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "traffic server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.1.6"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "akamai",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "amazon",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache traffic server",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cloudflare",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "envoy",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "go programming language",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "litespeed",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "microsoft",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netty",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "node js",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "twisted",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "grpc",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nghttp2",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "nginx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-9517",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9517",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-160952",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9517",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cret@cert.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9517",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9517",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cret@cert.org",
                "id": "CVE-2019-9517",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201908-943",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-160952",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: httpd24-httpd and httpd24-nghttp2 security update\nAdvisory ID:       RHSA-2019:2949-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:2949\nIssue date:        2019-10-01\nCVE Names:         CVE-2019-9511 CVE-2019-9513 CVE-2019-9517\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-nghttp2 is now available for Red\nHat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7\nP6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S\nGjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2\nCm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI\ndbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip\nP+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh\nm2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM\nTWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV\n2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2\nXUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2\nuqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl\nI52/ZH/L3O8=N7om\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4113-2\nSeptember 17, 2019\n\napache2 regression\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4113-1 introduced a regression in Apache. \nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Stefan Eissing discovered that the HTTP/2 implementation in Apache\n did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\n some situations. A remote attacker could use this to cause a denial\n of service (daemon crash). This issue only affected Ubuntu 18.04 LTS\n and Ubuntu 19.04. (CVE-2019-0197)\n\n Craig Young discovered that a memory overwrite error existed in\n Apache when performing HTTP/2 very early pushes in some situations. A\n remote attacker could use this to cause a denial of service (daemon\n crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n (CVE-2019-10081)\n\n Craig Young discovered that a read-after-free error existed in the\n HTTP/2 implementation in Apache during connection shutdown. A remote\n attacker could use this to possibly cause a denial of service (daemon\n crash) or possibly expose sensitive information. This issue only\n affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\n Matei Badanoiu discovered that the mod_proxy component of\n Apache did not properly filter URLs when reporting errors in some\n configurations. A remote attacker could possibly use this issue to\n conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\n Daniel McCarney discovered that mod_remoteip component of Apache\n contained a stack buffer overflow when parsing headers from a trusted\n intermediary proxy in some situations. A remote attacker controlling a\n trusted proxy could use this to cause a denial of service or possibly\n execute arbitrary code. This issue only affected Ubuntu 19.04. \n (CVE-2019-10097)\n\n Yukitsugu Sasaki discovered that the mod_rewrite component in Apache\n was vulnerable to open redirects in some situations. A remote attacker\n could use this to possibly expose sensitive information or bypass\n intended restrictions. (CVE-2019-10098)\n\n Jonathan Looney discovered that the HTTP/2 implementation in Apache did\n not properly limit the amount of buffering for client connections in\n some situations. A remote attacker could use this to cause a denial\n of service (unresponsive daemon). This issue only affected Ubuntu\n 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  apache2                         2.4.38-2ubuntu2.3\n  apache2-bin                     2.4.38-2ubuntu2.3\n\nUbuntu 18.04 LTS:\n  apache2                         2.4.29-1ubuntu4.11\n  apache2-bin                     2.4.29-1ubuntu4.11\n\nUbuntu 16.04 LTS:\n  apache2                         2.4.18-2ubuntu3.13\n  apache2-bin                     2.4.18-2ubuntu3.13\n\nIn general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-826 - Rebase nghttp2 to 1.39.2\n\n7. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nCVE-2019-9517\n\n    Jonathan Looney reported that a malicious client could perform a\n    denial of service attack (exhausting h2 workers) by flooding a\n    connection with requests and basically never reading responses on\n    the TCP connection. \n\nCVE-2019-10092\n\n    Matei \"Mal\" Badanoiu reported a limited cross-site scripting\n    vulnerability in the mod_proxy error page. This vulnerability could only be\n    triggered by a trusted proxy and not by untrusted HTTP clients. The\n    issue does not affect the stretch release. \n\nCVE-2019-10098\n\n    Yukitsugu Sasaki reported a potential open redirect vulnerability in\n    the mod_rewrite module. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN\nqcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i\ntZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C\noOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A\nGIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF\nJjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX\ndgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le\njVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH\nLarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS\nRcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz\nCn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154227"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9517",
            "trust": 2.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "trust": 2.5
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2019/08/15/7",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10296",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155414",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "154227",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4295",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3243",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4788",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3301",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1076",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4645",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4665",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0007",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4403",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1335",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3133",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.4596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3597.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0643",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1030",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156941",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "157214",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-19-346-01",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "154590",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154699",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154506",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154697",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155416",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154227"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "id": "VAR-201908-0260",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:34:01.956000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96626"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-770",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
          },
          {
            "trust": 2.5,
            "url": "https://www.synology.com/security/advisory/synology_sa_19_33"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3933"
          },
          {
            "trust": 2.4,
            "url": "https://access.redhat.com/errata/rhsa-2019:3935"
          },
          {
            "trust": 2.3,
            "url": "https://www.debian.org/security/2019/dsa-4509"
          },
          {
            "trust": 2.3,
            "url": "https://access.redhat.com/errata/rhsa-2019:3932"
          },
          {
            "trust": 2.3,
            "url": "https://usn.ubuntu.com/4113-1/"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2925"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2946"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2949"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2019:2955"
          },
          {
            "trust": 1.7,
            "url": "https://seclists.org/bugtraq/2019/aug/47"
          },
          {
            "trust": 1.7,
            "url": "https://kb.cert.org/vuls/id/605641/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201909-04"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2893"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2939"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2950"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
          },
          {
            "trust": 1.6,
            "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
          },
          {
            "trust": 1.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
          },
          {
            "trust": 1.1,
            "url": "https://support.f5.com/csp/article/k02591030"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3cannounce.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7540"
          },
          {
            "trust": 0.8,
            "url": "https://tools.ietf.org/html/rfc7541"
          },
          {
            "trust": 0.8,
            "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
          },
          {
            "trust": 0.8,
            "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
          },
          {
            "trust": 0.8,
            "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2019-9517"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.7,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev."
          },
          {
            "trust": 0.6,
            "url": "http2-cves/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cloudfoundry.org/blog/various-"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
          },
          {
            "trust": 0.6,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce."
          },
          {
            "trust": 0.6,
            "url": "https://support.f5.com/csp/article/k50233772"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1126605"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1104951"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165894"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165906"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1135167"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164346"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1164364"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/be1e153d17bb9e32d43a38f176d93bf8a9f7568f5c8f3f5e5ebf76cd@%3cannounce."
          },
          {
            "trust": 0.6,
            "url": "httpd-six-vulnerabilities-30057"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127397"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1128387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
          },
          {
            "trust": 0.6,
            "url": "https://pivotal.io/security/cve-2019-9517"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
          },
          {
            "trust": 0.6,
            "url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1143454"
          },
          {
            "trust": 0.6,
            "url": "http2-implementation-vulnerablility/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3243/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4295/"
          },
          {
            "trust": 0.6,
            "url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1150960"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1137466"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1167160"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1165852"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/154227/debian-security-advisory-4509-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3301/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/1127853"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3133/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-9513"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9514"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9515"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-9518"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-0737"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-17199"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0217"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0197"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-17189"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-5407"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-0196"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-0734"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10082"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10081"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10097"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10098"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10092"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
          },
          {
            "trust": 0.1,
            "url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4113-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1842701"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.11"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4113-1"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20444"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:0922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7238"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10247"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-10241"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952"
          },
          {
            "db": "PACKETSTORM",
            "id": "155414"
          },
          {
            "db": "PACKETSTORM",
            "id": "154712"
          },
          {
            "db": "PACKETSTORM",
            "id": "154699"
          },
          {
            "db": "PACKETSTORM",
            "id": "154506"
          },
          {
            "db": "PACKETSTORM",
            "id": "154697"
          },
          {
            "db": "PACKETSTORM",
            "id": "155416"
          },
          {
            "db": "PACKETSTORM",
            "id": "156852"
          },
          {
            "db": "PACKETSTORM",
            "id": "154227"
          },
          {
            "db": "PACKETSTORM",
            "id": "154663"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#605641",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-160952",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "155414",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154712",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154699",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154506",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154697",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "155416",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "156852",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154227",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154663",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9517",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-08-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641",
            "ident": null
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160952",
            "ident": null
          },
          {
            "date": "2019-11-20T23:02:22",
            "db": "PACKETSTORM",
            "id": "155414",
            "ident": null
          },
          {
            "date": "2019-10-02T15:03:59",
            "db": "PACKETSTORM",
            "id": "154712",
            "ident": null
          },
          {
            "date": "2019-10-01T20:46:00",
            "db": "PACKETSTORM",
            "id": "154699",
            "ident": null
          },
          {
            "date": "2019-09-17T16:48:23",
            "db": "PACKETSTORM",
            "id": "154506",
            "ident": null
          },
          {
            "date": "2019-10-01T20:45:33",
            "db": "PACKETSTORM",
            "id": "154697",
            "ident": null
          },
          {
            "date": "2019-11-20T20:55:55",
            "db": "PACKETSTORM",
            "id": "155416",
            "ident": null
          },
          {
            "date": "2020-03-23T15:57:42",
            "db": "PACKETSTORM",
            "id": "156852",
            "ident": null
          },
          {
            "date": "2019-08-27T13:29:10",
            "db": "PACKETSTORM",
            "id": "154227",
            "ident": null
          },
          {
            "date": "2019-09-30T13:33:33",
            "db": "PACKETSTORM",
            "id": "154663",
            "ident": null
          },
          {
            "date": "2019-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-943",
            "ident": null
          },
          {
            "date": "2019-08-13T21:15:12.647000",
            "db": "NVD",
            "id": "CVE-2019-9517",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-11-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#605641",
            "ident": null
          },
          {
            "date": "2023-01-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-160952",
            "ident": null
          },
          {
            "date": "2021-06-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201908-943",
            "ident": null
          },
          {
            "date": "2025-01-14T19:29:55.853000",
            "db": "NVD",
            "id": "CVE-2019-9517",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#605641"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201908-943"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-1900

    Vulnerability from variot - Updated: 2026-04-10 23:28

    curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

    Security fixes:

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    • moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)

    • nodejs16: CRLF injection in node-undici (CVE-2022-31150)

    • nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)

    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fixes:

    • RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)

    • vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)

    • cluster update status is stuck, also update is not even visible (BZ# 2079418)

    • Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)

    • Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)

    • ACM Console Becomes Unusable After a Time (BZ# 2097464)

    • RHACM 2.4.6 images (BZ# 2100613)

    • Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)

    • ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

    1. JIRA issues fixed (https://issues.jboss.org/):

    LOG-2647 - Add link to log console from pod views LOG-2801 - After upgrade all logs are stored in app indices LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty

    1. This advisory contains the following OpenShift Virtualization 4.12.0 images:

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

    • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    RHEL-8-CNV-4.12

    ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

    1. Solution:

    Before applying this update, you must apply all previously released errata relevant to your system.

    To apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container

    1. Description:

    Multicluster Engine for Kubernetes 2.0.2 images

    Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

    You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

    Security updates:

    • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fix:

    • MCE 2.0.2 images (BZ# 2104569)

    • Solution:

    For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2104569 - MCE 2.0.2 Images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

    Bug Fix(es):

    • Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)

    • Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)

    • Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)

    • [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)

    • Fedora version in DataImportCrons is not 'latest' (BZ#2102694)

    • [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)

    • CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)

    • Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)

    • Unable to start windows VMs on PSI setups (BZ#2115371)

    • [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)

    • Mark Windows 11 as TechPreview (BZ#2129013)

    • 4.11.1 rpms (BZ#2139453)

    This advisory contains the following OpenShift Virtualization 4.11.1 images.

    RHEL-8-CNV-4.11

    virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update Advisory ID: RHSA-2022:8840-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840 Issue date: 2022-12-08 CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42915 CVE-2022-42916 ==================================================================== 1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    • curl: HSTS bypass via IDN (CVE-2022-42916)

    • curl: HTTP proxy double-free (CVE-2022-42915)

    • curl: POST following PUT confusion (CVE-2022-32221)

    • httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

    • httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

    • httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

    • httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

    • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

    • curl: control code in cookie denial of service (CVE-2022-35252)

    • jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)

    • curl: Unpreserved file permissions (CVE-2022-32207)

    • curl: various flaws (CVE-2022-32206 CVE-2022-32208)

    • openssl: the c_rehash script allows command injection (CVE-2022-2068)

    • openssl: c_rehash script allows command injection (CVE-2022-1292)

    • jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

    • jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28330 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-42915 https://access.redhat.com/security/cve/CVE-2022-42916 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9 ws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M WEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf FAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H 0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a z0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j ypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d NcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn Ik+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M onO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9 mCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF 6t6oQh+b3NY=UGfz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):

    2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

    6

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "scalance sc646-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "scalance sc622-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "scalance sc642-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.84.0"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "scalance sc632-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "scalance sc626-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "scalance sc636-2c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2022-32206",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-32206",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-32206",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32206",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32206",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2565",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n\n* nodejs16: CRLF injection in node-undici (CVE-2022-31150)\n\n* nodejs/undici: Cookie headers uncleared on cross-origin redirect\n(CVE-2022-31151)\n\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)\n\n* vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect\nYAML changes (BZ# 2074766)\n\n* cluster update status is stuck, also update is not even visible (BZ#\n2079418)\n\n* Policy that creates cluster role is showing as not compliant due to\nRequest entity too large message (BZ# 2088486)\n\n* Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster (BZ#\n2089490)\n\n* ACM Console Becomes Unusable After a Time (BZ# 2097464)\n\n* RHACM 2.4.6 images (BZ# 2100613)\n\n* Cluster Pools with conflicting name of existing clusters in same\nnamespace fails creation and deletes existing cluster (BZ# 2102436)\n\n* ManagedClusters in Pending import state after ACM hub migration (BZ#\n2102495)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2647 - Add link to log console from pod views\nLOG-2801 - After upgrade all logs are stored in app indices\nLOG-2917 - Changing refresh interval throws error when the \u0027Query\u0027 field is empty\n\n6. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nMulticluster Engine for Kubernetes 2.0.2 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nSecurity updates:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fix:\n\n* MCE 2.0.2 images (BZ# 2104569)\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2104569 - MCE 2.0.2 Images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update\nAdvisory ID:       RHSA-2022:8840-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:8840\nIssue date:        2022-12-08\nCVE Names:         CVE-2022-1292 CVE-2022-2068 CVE-2022-22721\n                   CVE-2022-23943 CVE-2022-26377 CVE-2022-28330\n                   CVE-2022-28614 CVE-2022-28615 CVE-2022-30522\n                   CVE-2022-31813 CVE-2022-32206 CVE-2022-32207\n                   CVE-2022-32208 CVE-2022-32221 CVE-2022-35252\n                   CVE-2022-42915 CVE-2022-42916\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n\n* curl: HTTP proxy double-free (CVE-2022-42915)\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* curl: control code in cookie denial of service (CVE-2022-35252)\n\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28330\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-42915\nhttps://access.redhat.com/security/cve/CVE-2022-42916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9\nws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M\nWEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf\nFAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H\n0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a\nz0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j\nypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d\nNcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn\nIk+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M\nonO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9\nmCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF\n6t6oQh+b3NY=UGfz\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206",
            "trust": 2.5
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/02/15/3",
            "trust": 1.6
          },
          {
            "db": "HACKERONE",
            "id": "1570651",
            "trust": 1.6
          },
          {
            "db": "SIEMENS",
            "id": "SSA-333517",
            "trust": 1.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3366",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6333",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6290",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4468",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4757",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3238",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4324",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5247",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4266",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4112",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3117",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5632",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.2163",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5300",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4525",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4568",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "167607",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168301",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168174",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169443",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071152",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022062927",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32206",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168538",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170083",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172765",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "id": "VAR-202206-1900",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5566514
      },
      "last_update_date": "2026-04-10T23:28:19.708000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "curl Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198520"
          },
          {
            "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://hackerone.com/reports/1570651"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2022/oct/41"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
          },
          {
            "trust": 1.6,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "trust": 1.6,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
          },
          {
            "trust": 1.6,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2022/oct/28"
          },
          {
            "trust": 1.6,
            "url": "https://support.apple.com/kb/ht213488"
          },
          {
            "trust": 1.6,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.6,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213488"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-20107"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-0391"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-32148"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1705"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-36067"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-31129"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30698"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35527"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24795"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-30699"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0934"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-0308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-37434"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3515"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5495-1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31150"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21166"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21125"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27666"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31151"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6344"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30632"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28131"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30630"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1962"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30635"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3787"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-38178"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-35252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28330"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:8840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3460"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6183"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206"
          },
          {
            "db": "PACKETSTORM",
            "id": "168538"
          },
          {
            "db": "PACKETSTORM",
            "id": "168275"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168347"
          },
          {
            "db": "PACKETSTORM",
            "id": "170083"
          },
          {
            "db": "PACKETSTORM",
            "id": "170166"
          },
          {
            "db": "PACKETSTORM",
            "id": "172765"
          },
          {
            "db": "PACKETSTORM",
            "id": "168284"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32206",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168538",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170083",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "172765",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-09-27T16:01:00",
            "db": "PACKETSTORM",
            "id": "168538",
            "ident": null
          },
          {
            "date": "2022-09-07T16:50:50",
            "db": "PACKETSTORM",
            "id": "168275",
            "ident": null
          },
          {
            "date": "2023-01-26T15:29:09",
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "date": "2022-09-13T15:29:12",
            "db": "PACKETSTORM",
            "id": "168347",
            "ident": null
          },
          {
            "date": "2022-12-02T15:57:08",
            "db": "PACKETSTORM",
            "id": "170083",
            "ident": null
          },
          {
            "date": "2022-12-08T21:28:44",
            "db": "PACKETSTORM",
            "id": "170166",
            "ident": null
          },
          {
            "date": "2023-06-06T17:04:24",
            "db": "PACKETSTORM",
            "id": "172765",
            "ident": null
          },
          {
            "date": "2022-09-07T16:57:47",
            "db": "PACKETSTORM",
            "id": "168284",
            "ident": null
          },
          {
            "date": "2022-06-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "date": "2022-07-07T13:15:08.340000",
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2565",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:13.120000",
            "db": "NVD",
            "id": "CVE-2022-32206",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "curl Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2565"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1070

    Vulnerability from variot - Updated: 2026-04-10 23:25

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:

    OpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:

    OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

    1. JIRA issues fixed (https://issues.jboss.org/):

    OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified 2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2023:0338-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0338 Issue date: 2023-01-23 CVE Names: CVE-2022-40303 CVE-2022-40304 ==================================================================== 1. Summary:

    An update for libxml2 is now available for Red Hat Enterprise Linux 9.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    • libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)

    • libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The desktop must be restarted (log out, then log back in) for this update to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 9):

    aarch64: libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm libxml2-devel-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

    ppc64le: libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm libxml2-devel-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

    s390x: libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm libxml2-devel-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

    x86_64: libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm libxml2-devel-2.9.13-3.el9_1.i686.rpm libxml2-devel-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

    Red Hat Enterprise Linux BaseOS (v. 9):

    Source: libxml2-2.9.13-3.el9_1.src.rpm

    aarch64: libxml2-2.9.13-3.el9_1.aarch64.rpm libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

    ppc64le: libxml2-2.9.13-3.el9_1.ppc64le.rpm libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

    s390x: libxml2-2.9.13-3.el9_1.s390x.rpm libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm python3-libxml2-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

    x86_64: libxml2-2.9.13-3.el9_1.i686.rpm libxml2-2.9.13-3.el9_1.x86_64.rpm libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):

    2171870 - CVE-2023-0923 odh-notebook-controller-container: Missing authorization allows for file contents disclosure

    1. JIRA issues fixed (https://issues.jboss.org/):

    RHODS-6123 - Update dsp repo to match upstream kfp-tekton repo RHODS-6136 - Verify status of manifests RHODS-6330 - Remove Openvino and Etcd images from quay for self-managed deployments RHODS-6779 - [Model Serving] fallback image for ovms is not published, leading to image pull errors in upgrade scenarios

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2022-12-13-8 watchOS 9.2

    watchOS 9.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213536.

    Accounts Available for: Apple Watch Series 4 and later Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t)

    AppleAVD Available for: Apple Watch Series 4 and later Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

    AppleMobileFileIntegrity Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing

    CoreServices Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security

    ImageIO Available for: Apple Watch Series 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t)

    IOHIDFamily Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)

    IOMobileFrameBuffer Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom)

    iTunes Store Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: an anonymous researcher

    Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero

    Kernel Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

    Kernel Available for: Apple Watch Series 4 and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM

    libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero

    libxml2 Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

    Safari Available for: Apple Watch Series 4 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani

    Software Update Available for: Apple Watch Series 4 and later Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2022-42849: Mickey Jin (@patch1t)

    Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

    WebKit Available for: Apple Watch Series 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher

    Additional recognition

    Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance.

    Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance.

    WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance.

    Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke NxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q 5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve vnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3 DNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2 GH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag piObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ sOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki PLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi ex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA FofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA W09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I= =DltD -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "16.2"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "smi-s provider",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ipados",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "libxml2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "xmlsoft",
            "version": "2.10.3"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.7.2"
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "manageability software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "snapmanager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "171173"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-40304",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-40304",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40304",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-40304",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1022",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-1056 - DPA fails validation if multiple BSLs have the same provider\nOADP-1150 - Handle docker env config changes in the oadp-operator\nOADP-1217 - update velero + restic to 1.9.5\nOADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed\nOADP-1289 - Restore partially fails with error \"Secrets \\\"deployer-token-rrjqx\\\" not found\"\nOADP-290 - Remove creation/usage of velero-privileged SCC\n\n6. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified\n2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: libxml2 security update\nAdvisory ID:       RHSA-2023:0338-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0338\nIssue date:        2023-01-23\nCVE Names:         CVE-2022-40303 CVE-2022-40304\n====================================================================\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-devel-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-devel-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\nlibxml2-devel-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-devel-2.9.13-3.el9_1.i686.rpm\nlibxml2-devel-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nlibxml2-2.9.13-3.el9_1.src.rpm\n\naarch64:\nlibxml2-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-2.9.13-3.el9_1.i686.rpm\nlibxml2-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):\n\n2171870 - CVE-2023-0923 odh-notebook-controller-container: Missing authorization allows for file contents disclosure\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHODS-6123 - Update dsp repo to match upstream kfp-tekton repo\nRHODS-6136 - Verify status of manifests\nRHODS-6330 - Remove Openvino and Etcd images from quay for self-managed deployments\nRHODS-6779 - [Model Serving] fallback image for ovms is not published, leading to image pull errors in upgrade scenarios\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-8 watchOS 9.2\n\nwatchOS 9.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213536. \n\nAccounts\nAvailable for: Apple Watch Series 4 and later\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42843: Mickey Jin (@patch1t)\n\nAppleAVD\nAvailable for: Apple Watch Series 4 and later\nImpact: Parsing a maliciously crafted video file may lead to kernel\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46694: Andrey Labunets and Nikita Tarakanov\n\nAppleMobileFileIntegrity\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-42865: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCoreServices\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: Multiple issues were addressed by removing the\nvulnerable code. \nCVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nOffensive Security\n\nImageIO\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46693: Mickey Jin (@patch1t)\n\nIOHIDFamily\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nIOMobileFrameBuffer\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46690: John Aakerblom (@jaakerblom)\n\niTunes Store\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2022-42837: an anonymous researcher\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxml2\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2022-40303: Maddie Stone of Google Project Zero\n\nlibxml2\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project\nZero\n\nSafari\nAvailable for: Apple Watch Series 4 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed with improved input validation. \nCVE-2022-46695: KirtiKumar Anandrao Ramchandani\n\nSoftware Update\nAvailable for: Apple Watch Series 4 and later\nImpact: A user may be able to elevate privileges\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2022-42849: Mickey Jin (@patch1t)\n\nWeather\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to read sensitive location information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-42866: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 245521\nCVE-2022-42867: Maddie Stone of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 245466\nCVE-2022-46691: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may bypass Same\nOrigin Policy\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 246783\nCVE-2022-46692: KirtiKumar Anandrao Ramchandani\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42852: hazbinhotel working with Trend Micro Zero Day\nInitiative\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 246942\nCVE-2022-46696: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 247562\nCVE-2022-46700: Samuel Gro\u00df of Google V8 Security\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 247420\nCVE-2022-46699: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 244622\nCVE-2022-42863: an anonymous researcher\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Zweig of Kunlun Lab for their\nassistance. \n\nSafari Extensions\nWe would like to acknowledge Oliver Dunk and Christian R. of\n1Password for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher and scarlet for\ntheir assistance. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641  To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\".  Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke\nNxlyKA//eeU/txeqNxHM7JQE6xFrlla1tinQYMjbLhMgzdTbKpPjX8aHVqFfLB/Q\n5nH+NqrGs4HQwNQJ6fSiBIId0th71mgX7W3Noa1apzFh7Okl6IehczkAFB9OH7ve\nvnwiEECGU0hUNmbIi0s9HuuBo6eSNPFsJt0Jqn8ovV+F9bc+ftl/IRv6q2vg3rl3\nDNag62BCmCN4uXmqoJ4CKg7cNbddvma0bDbB1yYujxdmFwm4JGN6aittXE3WtPK2\nGH2/UxdZll8FR7Zegh1ziUcTaLR4dwHlXRFgc6WC8hqx6T8imNh1heAPwzhT+Iag\npiObDoMs7UYFKF/eQ8LUcl4hX8IOdLFO5I+BcvCzOcKqHutPqbE8QRU9yqjcQlsJ\nsOV7GT9W9J+QhibpIJbLVkkQp5djPZ8mLP0OKiRN1quEDWMrquPdM+r9ftJwEIki\nPLL/ur9c7geXCJCLzglMSMkNcoGZk77qzfJuPdoE0lD6zjdvBHalF5j8S0a1+9gi\nex3zU1I+ixqg7CvLNfkSjLcO9KOoPEFHnqEFrrO17QWWyraugrPgV0dMYArGRBpA\nFofYP6bXLv8eSUNuyOoQxF6kS4ChYgLUabl2NYqop9LoRWAtDAclTiabuvDJPfqA\nW09wxdhbpp2saxt8LlQjffzOmHJST6oHhHZiFiFswRM0q0nue6I=\n=DltD\n-----END PGP SIGNATURE-----\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          },
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40304"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "169857"
          },
          {
            "db": "PACKETSTORM",
            "id": "171173"
          },
          {
            "db": "PACKETSTORM",
            "id": "170318"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-429438",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40304",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169857",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "170318",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "170754",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169824",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170555",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169620",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170955",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169732",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170097",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.0246",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1467",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5286",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6321",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5792.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.0816",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1501",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5614",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1267",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.0513",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5455",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1041",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1398",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "170753",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "171173",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170752",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170317",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170316",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171016",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171043",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170899",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170096",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170312",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169858",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171042",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171017",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170315",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171040",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171260",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-429438",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40304",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171310",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170668",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40304"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "169857"
          },
          {
            "db": "PACKETSTORM",
            "id": "171173"
          },
          {
            "db": "PACKETSTORM",
            "id": "170318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          }
        ]
      },
      "id": "VAR-202210-1070",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:25:26.950000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libxml2 Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=215772"
          },
          {
            "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2022-40304: dict corruption caused by entity reference cycles",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8363a596e2a5d2dc61357b1dbd72b616"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-40304"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-40304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-415",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-611",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213531"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213533"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213534"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213535"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213536"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2022/dec/21"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2022/dec/24"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2022/dec/25"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2022/dec/26"
          },
          {
            "trust": 1.7,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
          },
          {
            "trust": 1.7,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/tags"
          },
          {
            "trust": 1.7,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/27"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-40304"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-40303"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1041"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170555/red-hat-security-advisory-2023-0173-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1267"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1467"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170318/apple-security-advisory-2022-12-13-8.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1501"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213505"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5286"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170955/red-hat-security-advisory-2023-0634-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169857/apple-security-advisory-2022-11-09-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170754/red-hat-security-advisory-2023-0468-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170097/ubuntu-security-notice-usn-5760-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213534"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.0246"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-40304/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169732/debian-security-advisory-5271-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libxml2-three-vulnerabilities-39554"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169824/libxml2-attribute-parsing-double-free.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1398"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.0816"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169620/gentoo-linux-security-advisory-202210-39.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6321"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.0513"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5792.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5455"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5614"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-43680"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42011"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-35737"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-46848"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42010"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42012"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42012"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2023-22482"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22482"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42010"
          },
          {
            "trust": 0.3,
            "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42011"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-4415"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-47629"
          },
          {
            "trust": 0.2,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3821"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3821"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-46285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2953"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48303"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2879"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2880"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2058"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:1174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4883"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-44617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41715"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2056"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2868"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2867"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2057"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0466"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0467"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-22736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0468"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213505."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0923"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-4415"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0977"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42867"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42849"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42864"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht204641"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213536."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42837"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42859"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429438"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40304"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "169857"
          },
          {
            "db": "PACKETSTORM",
            "id": "171173"
          },
          {
            "db": "PACKETSTORM",
            "id": "170318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-429438",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40304",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "171310",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170753",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170752",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170668",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170754",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169857",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "171173",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170318",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40304",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-11-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-429438",
            "ident": null
          },
          {
            "date": "2023-03-09T15:14:10",
            "db": "PACKETSTORM",
            "id": "171310",
            "ident": null
          },
          {
            "date": "2023-01-26T15:34:56",
            "db": "PACKETSTORM",
            "id": "170753",
            "ident": null
          },
          {
            "date": "2023-01-26T15:34:49",
            "db": "PACKETSTORM",
            "id": "170752",
            "ident": null
          },
          {
            "date": "2023-01-24T16:30:22",
            "db": "PACKETSTORM",
            "id": "170668",
            "ident": null
          },
          {
            "date": "2023-01-26T15:35:03",
            "db": "PACKETSTORM",
            "id": "170754",
            "ident": null
          },
          {
            "date": "2022-11-15T16:42:23",
            "db": "PACKETSTORM",
            "id": "169857",
            "ident": null
          },
          {
            "date": "2023-02-28T17:09:39",
            "db": "PACKETSTORM",
            "id": "171173",
            "ident": null
          },
          {
            "date": "2022-12-22T02:13:22",
            "db": "PACKETSTORM",
            "id": "170318",
            "ident": null
          },
          {
            "date": "2022-10-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1022",
            "ident": null
          },
          {
            "date": "2022-11-23T18:15:12.167000",
            "db": "NVD",
            "id": "CVE-2022-40304",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-02-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-429438",
            "ident": null
          },
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1022",
            "ident": null
          },
          {
            "date": "2025-04-28T20:15:19.607000",
            "db": "NVD",
            "id": "CVE-2022-40304",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "libxml2 Code problem vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1022"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-1961

    Vulnerability from variot - Updated: 2026-04-10 23:24

    When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6159-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 8.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: HTTP compression denial of service (CVE-2022-32206)

    • curl: FTP-KRB bad message verification (CVE-2022-32208)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: curl-7.61.1-22.el8_6.4.src.rpm

    aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm

    ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm

    s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm

    x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+ YgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg EiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB dQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN blR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau 5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k nJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+ XPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd VaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas ML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw owX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF bBkTeh+fqsg=powM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

    Security fix:

    • CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

    Bug fixes:

    • Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)

    • RHACM 2.3.12 images (BZ# 2101411)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

    1. Description:

    OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:

    Security Fix(es):

    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

    • kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)

    • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)

    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

    • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)

    • golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)

    • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

    • golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    • golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

    • golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)

    • golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

    • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

    • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    RHEL-8-CNV-4.12

    ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label app.kubernetes.io/name: common-templates 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container


    1. Gentoo Linux Security Advisory GLSA 202212-01

                                           https://security.gentoo.org/
    

    Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/curl < 7.86.0 >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/):

    2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

    1. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/

    Security fixes:

    • moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
    • vm2: Sandbox Escape in vm2 (CVE-2022-36067)

    Bug fixes:

    • Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)

    • OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)

    • subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)

    • Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)

    • Submariner addon status doesn't track all deployment failures (BZ# 2090311)

    • Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)

    • After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)

    • Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)

    • Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)

    • Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)

    • managed cluster is in "unknown" state for 120 mins after OADP restore

    • RHACM 2.5.2 images (BZ# 2104553)

    • Subscription UI does not allow binding to label with empty value (BZ# 2104961)

    • Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)

    • Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)

    • cluster uninstall log points to incorrect container name (BZ# 2107359)

    • ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)

    • Single node checkbox not visible for 4.11 images (BZ# 2109134)

    • Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)

    • Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)

    • After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)

    • pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)

    • ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)

    • Bugs fixed (https://bugzilla.redhat.com/):

    2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.16.4"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.84.0"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-32208",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-32208",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-424135",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-32208",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32208",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32208",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-424135",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:6159-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6159\nIssue date:        2022-08-24\nCVE Names:         CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+\nYgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg\nEiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB\ndQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN\nblR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau\n5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k\nnJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+\nXPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd\nVaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas\nML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw\nowX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF\nbBkTeh+fqsg=powM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift  Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2:  Sandbox Escape in vm2\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          },
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32208",
            "trust": 1.9
          },
          {
            "db": "HACKERONE",
            "id": "1590071",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168289",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168158",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167661",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168174",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167607",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168347",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168301",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-424135",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168213",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "id": "VAR-202206-1961",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:24:46.149000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Ubuntu Security Notice: USN-5499-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5499-1"
          },
          {
            "title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32208"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-840",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213488"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/28"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/oct/41"
          },
          {
            "trust": 1.1,
            "url": "https://hackerone.com/reports/1590071"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-32208"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-32206"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1785"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-1927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-30631"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21123"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-32250"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21166"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-21125"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-1012"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-31129"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0391"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-34903"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-20107"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5499-1"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5495-1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6159"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1966"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30632"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30629"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28131"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-40674"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35527"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0256"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30630"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1962"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30635"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2509"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3787"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30699"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32148"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-37434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3515"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6182"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6560"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6507"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-36067"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424135"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208"
          },
          {
            "db": "PACKETSTORM",
            "id": "168158"
          },
          {
            "db": "PACKETSTORM",
            "id": "168213"
          },
          {
            "db": "PACKETSTORM",
            "id": "170741"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "168289"
          },
          {
            "db": "PACKETSTORM",
            "id": "168503"
          },
          {
            "db": "PACKETSTORM",
            "id": "168378"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32208",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168158",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168213",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168289",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168503",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168378",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-07-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "date": "2022-08-25T15:25:12",
            "db": "PACKETSTORM",
            "id": "168158",
            "ident": null
          },
          {
            "date": "2022-09-01T16:30:25",
            "db": "PACKETSTORM",
            "id": "168213",
            "ident": null
          },
          {
            "date": "2023-01-26T15:29:09",
            "db": "PACKETSTORM",
            "id": "170741",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2022-09-07T17:09:04",
            "db": "PACKETSTORM",
            "id": "168289",
            "ident": null
          },
          {
            "date": "2022-09-26T15:37:32",
            "db": "PACKETSTORM",
            "id": "168503",
            "ident": null
          },
          {
            "date": "2022-09-14T15:08:07",
            "db": "PACKETSTORM",
            "id": "168378",
            "ident": null
          },
          {
            "date": "2022-07-07T13:15:08.467000",
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424135",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:13.390000",
            "db": "NVD",
            "id": "CVE-2022-32208",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Red Hat Security Advisory 2022-6159-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168158"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "arbitrary, code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "170303"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202210-1888

    Vulnerability from variot - Updated: 2026-04-10 22:55

    When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915). ========================================================================== Ubuntu Security Notice USN-5702-1 October 26, 2022

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 22.10
    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. (CVE-2022-32221)

    Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260)

    It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

    Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 22.10: curl 7.85.0-1ubuntu0.1 libcurl3-gnutls 7.85.0-1ubuntu0.1 libcurl3-nss 7.85.0-1ubuntu0.1 libcurl4 7.85.0-1ubuntu0.1

    Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.6 libcurl3-gnutls 7.81.0-1ubuntu1.6 libcurl3-nss 7.81.0-1ubuntu1.6 libcurl4 7.81.0-1ubuntu1.6

    Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.14 libcurl3-gnutls 7.68.0-1ubuntu2.14 libcurl3-nss 7.68.0-1ubuntu2.14 libcurl4 7.68.0-1ubuntu2.14

    Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.21 libcurl3-gnutls 7.58.0-2ubuntu3.21 libcurl3-nss 7.58.0-2ubuntu3.21 libcurl4 7.58.0-2ubuntu3.21

    In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01


                                           https://security.gentoo.org/
    

    Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/curl < 7.86.0 >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2023-01-23-4 macOS Ventura 13.2

    macOS Ventura 13.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213605.

    AppleMobileFileIntegrity Available for: macOS Ventura Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

    curl Available for: macOS Ventura Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260

    dcerpc Available for: macOS Ventura Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

    DiskArbitration Available for: macOS Ventura Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

    ImageIO Available for: macOS Ventura Impact: Processing an image may lead to a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

    Intel Graphics Driver Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher

    Kernel Available for: macOS Ventura Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Kernel Available for: macOS Ventura Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM

    libxpc Available for: macOS Ventura Impact: An app may be able to access user-sensitive data Description: A permissions issue was addressed with improved validation. CVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)

    Mail Drafts Available for: macOS Ventura Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account Description: A logic issue was addressed with improved state management. CVE-2023-23498: an anonymous researcher

    Maps Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2023-23503: an anonymous researcher

    PackageKit Available for: macOS Ventura Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)

    Safari Available for: macOS Ventura Impact: An app may be able to access a user’s Safari history Description: A permissions issue was addressed with improved validation. CVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)

    Safari Available for: macOS Ventura Impact: Visiting a website may lead to an app denial-of-service Description: The issue was addressed with improved handling of caches. CVE-2023-23512: Adriatik Raci

    Screen Time Available for: macOS Ventura Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

    Vim Available for: macOS Ventura Impact: Multiple issues in Vim Description: A use after free issue was addressed with improved memory management. CVE-2022-3705

    Weather Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

    WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved checks. WebKit Bugzilla: 245464 CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming Wang, JiKai Ren and Hang Shu of Institute of Computing Technology, Chinese Academy of Sciences

    WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

    Wi-Fi Available for: macOS Ventura Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)

    Windows Installer Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)

    Additional recognition

    Bluetooth We would like to acknowledge an anonymous researcher for their assistance.

    Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.

    Shortcuts We would like to acknowledge Baibhav Anand Jha from ReconWithMe and Cristian Dinca of Tudor Vianu National High School of Computer Science, Romania for their assistance.

    WebKit We would like to acknowledge Eliya Stein of Confiant for their assistance.

    macOS Ventura 13.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke Nxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk 7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb m9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U VsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd Cx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp TCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK rrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg joKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9 3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq QR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU /Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w= =pcJ4 -----END PGP SIGNATURE-----

    .

    Software Description: - mysql-8.0: MySQL database - mysql-5.7: MySQL database

    Details:

    Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.

    In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. In general, a standard system update will make all the necessary changes.

    For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u5. This update also revises the fix for CVE-2022-27774 released in DSA-5197-1.

    We recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: curl security update Advisory ID: RHSA-2023:4139-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4139 Issue date: 2023-07-18 CVE Names: CVE-2022-32221 CVE-2023-23916 =====================================================================

    1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: POST following PUT confusion (CVE-2022-32221)

    • curl: HTTP multi-header compression denial of service (CVE-2023-23916)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2135411 - CVE-2022-32221 curl: POST following PUT confusion 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

    1. Package List:

    Red Hat Enterprise Linux AppStream EUS (v.9.0):

    aarch64: curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

    ppc64le: curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

    s390x: curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

    x86_64: curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.6.i686.rpm libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

    Red Hat Enterprise Linux BaseOS EUS (v.9.0):

    Source: curl-7.76.1-14.el9_0.6.src.rpm

    aarch64: curl-7.76.1-14.el9_0.6.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-7.76.1-14.el9_0.6.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

    ppc64le: curl-7.76.1-14.el9_0.6.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

    s390x: curl-7.76.1-14.el9_0.6.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-7.76.1-14.el9_0.6.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-7.76.1-14.el9_0.6.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

    x86_64: curl-7.76.1-14.el9_0.6.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.6.i686.rpm curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-7.76.1-14.el9_0.6.i686.rpm libcurl-7.76.1-14.el9_0.6.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.86.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.3"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2022-32221",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-32221",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-32221",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-32221",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2214",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. (CVE-2022-42915). ==========================================================================\nUbuntu Security Notice USN-5702-1\nOctober 26, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nRobby Simpson discovered that curl incorrectly handled certain POST\noperations after PUT operations. \n(CVE-2022-32221)\n\nHiroki Kurosawa discovered that curl incorrectly handled parsing .netrc\nfiles. If an attacker were able to provide a specially crafted .netrc file,\nthis issue could cause curl to crash, resulting in a denial of service. \nThis issue only affected Ubuntu 22.10. (CVE-2022-35260)\n\nIt was discovered that curl incorrectly handled certain HTTP proxy return\ncodes. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)\n\nHiroki Kurosawa discovered that curl incorrectly handled HSTS support\nwhen certain hostnames included IDN characters. A remote attacker could\npossibly use this issue to cause curl to use unencrypted connections. This\nissue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42916)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n   curl                            7.85.0-1ubuntu0.1\n   libcurl3-gnutls                 7.85.0-1ubuntu0.1\n   libcurl3-nss                    7.85.0-1ubuntu0.1\n   libcurl4                        7.85.0-1ubuntu0.1\n\nUbuntu 22.04 LTS:\n   curl                            7.81.0-1ubuntu1.6\n   libcurl3-gnutls                 7.81.0-1ubuntu1.6\n   libcurl3-nss                    7.81.0-1ubuntu1.6\n   libcurl4                        7.81.0-1ubuntu1.6\n\nUbuntu 20.04 LTS:\n   curl                            7.68.0-1ubuntu2.14\n   libcurl3-gnutls                 7.68.0-1ubuntu2.14\n   libcurl3-nss                    7.68.0-1ubuntu2.14\n   libcurl4                        7.68.0-1ubuntu2.14\n\nUbuntu 18.04 LTS:\n   curl                            7.58.0-2ubuntu3.21\n   libcurl3-gnutls                 7.58.0-2ubuntu3.21\n   libcurl3-nss                    7.58.0-2ubuntu3.21\n   libcurl4                        7.58.0-2ubuntu3.21\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-4 macOS Ventura 13.2\n\nmacOS Ventura 13.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213605. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Ventura\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ndcerpc\nAvailable for: macOS Ventura\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Ventura\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nImageIO\nAvailable for: macOS Ventura\nImpact: Processing an image may lead to a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2023-23519: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxpc\nAvailable for: macOS Ventura\nImpact: An app may be able to access user-sensitive data\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2023-23506: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nMail Drafts\nAvailable for: macOS Ventura\nImpact: The quoted original message may be selected from the wrong\nemail when forwarding an email from an Exchange account\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23498: an anonymous researcher\n\nMaps\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23503: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Ventura\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nSafari\nAvailable for: macOS Ventura\nImpact: An app may be able to access a user\u2019s Safari history\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2023-23510: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nSafari\nAvailable for: macOS Ventura\nImpact: Visiting a website may lead to an app denial-of-service\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2023-23512: Adriatik Raci\n\nScreen Time\nAvailable for: macOS Ventura\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nVim\nAvailable for: macOS Ventura\nImpact: Multiple issues in Vim\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-3705\n\nWeather\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved checks. \nWebKit Bugzilla: 245464\nCVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming\nWang, JiKai Ren and Hang Shu of Institute of Computing Technology,\nChinese Academy of Sciences\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWi-Fi\nAvailable for: macOS Ventura\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23501: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nWindows Installer\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nShortcuts\nWe would like to acknowledge Baibhav Anand Jha from ReconWithMe and\nCristian Dinca of Tudor Vianu National High School of Computer\nScience, Romania for their assistance. \n\nWebKit\nWe would like to acknowledge Eliya Stein of Confiant for their\nassistance. \n\nmacOS Ventura 13.2 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPIl8ACgkQ4RjMIDke\nNxnt7RAA2a0c/Ij93MfR8eiNMkIHVnr+wL+4rckVmHvs85dSHNBqQ8+kYpAs2tEk\n7CVZoxAGg8LqVa6ZmBbAp5ZJGi2nV8LjOYzaWw/66d648QC2upTWJ93sWmZ7LlLb\nm9pcLfBsdAFPmVa8VJO0fxJGkxsCP0cQiBl+f9R4ObZBBiScbHUckSmHa6Qn/Q2U\nVsnHnJznAlDHMXiaV3O1zKBeahkqSx/IfO04qmk8oMWh89hI53S551Z3NEx63zgd\nCx8JENj2NpFlgmZ0w0Tz5ZZ3LT4Ok28ns8N762JLE2nbTfEl7rM+bjUfWg4yJ1Rp\nTCEelbLKfUjlrh2N1fe0XWBs9br/069QlhTBBVd/qAbUBxkS/UOlWk3Vp+TI0bkK\nrrXouRijzRmBBK93jfWxhyd27avqQHmc04ofjY/lNYOCcGMrr813cGKNs90aRfcg\njoKeC51mYJnlTyMB0nDcJx3b5+MN+Ij7Sa04B9dbH162YFxp4LsaavmR0MooN1T9\n3XrXEQ71a3pvdoF1ffW9Mz7vaqhBkffnzQwWU5zY2RwDTjFyHdNyI/1JkVzYmAxq\nQR4uA5gCDYYk/3rzlrVot+ezHX525clTHsvEYhIfu+i1HCxqdpvfaHbn2m+i1QtU\n/Lzz2mySt3y0akZ2rHwPfBZ8UFfvaauyhZ3EhSP3ikGs9DOsv1w=\n=pcJ4\n-----END PGP SIGNATURE-----\n\n\n. \n\nSoftware Description:\n- mysql-8.0: MySQL database\n- mysql-5.7: MySQL database\n\nDetails:\n\nMultiple security issues were discovered in MySQL and this update includes\nnew upstream MySQL versions to fix these issues. \n\nIn addition to security fixes, the updated packages contain bug fixes, new\nfeatures, and possibly incompatible changes. In general, a standard system update will make all the necessary\nchanges. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u5. This update also revises the fix for\nCVE-2022-27774 released in DSA-5197-1. \n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2023:4139-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:4139\nIssue date:        2023-07-18\nCVE Names:         CVE-2022-32221 CVE-2023-23916 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9.0\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v.9.0):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS EUS (v.9.0):\n\nSource:\ncurl-7.76.1-14.el9_0.6.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2023-23916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          },
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-32221",
            "trust": 2.6
          },
          {
            "db": "HACKERONE",
            "id": "1704017",
            "trust": 1.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2023/05/17/4",
            "trust": 1.6
          },
          {
            "db": "PACKETSTORM",
            "id": "170777",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169535",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169538",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "170166",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4030",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5421",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6333",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "170729",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170648",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-424148",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170696",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "173569",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "id": "VAR-202210-1888",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:55:07.161000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "curl Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216855"
          },
          {
            "title": "Ubuntu Security Notice: USN-5702-2: curl vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-2"
          },
          {
            "title": "Ubuntu Security Notice: USN-5702-1: curl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5702-1"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32221"
          },
          {
            "title": "IBM: Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=93e8baf3e9bfd9ab92a05b44368ef244"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20230208-0002/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213604"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213605"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2023/dsa-5330"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/19"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/20"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1704017"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2022-32221"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-32221/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4030"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-reuse-after-free-39731"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213604"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169538/ubuntu-security-notice-usn-5702-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169535/ubuntu-security-notice-usn-5702-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5421"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170777/debian-security-advisory-5330-1.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5702-1"
          },
          {
            "trust": 0.2,
            "url": "https://ubuntu.com/security/notices/usn-5702-2"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.21"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213604."
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213605."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23501"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23496"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23498"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23500"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.20.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21877"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21881"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.32-0buntu0.22.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.41-0ubuntu0.18.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21871"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-21867"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5823-1"
          },
          {
            "trust": 0.1,
            "url": "https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/curl"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4139"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23916"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-424148"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221"
          },
          {
            "db": "PACKETSTORM",
            "id": "169538"
          },
          {
            "db": "PACKETSTORM",
            "id": "169535"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170696"
          },
          {
            "db": "PACKETSTORM",
            "id": "170729"
          },
          {
            "db": "PACKETSTORM",
            "id": "170777"
          },
          {
            "db": "PACKETSTORM",
            "id": "173569"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-32221",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169538",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170696",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170729",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170777",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "173569",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-12-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "date": "2022-10-27T13:04:37",
            "db": "PACKETSTORM",
            "id": "169538",
            "ident": null
          },
          {
            "date": "2022-10-27T13:03:39",
            "db": "PACKETSTORM",
            "id": "169535",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2023-01-24T16:41:07",
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "date": "2023-01-24T16:40:49",
            "db": "PACKETSTORM",
            "id": "170696",
            "ident": null
          },
          {
            "date": "2023-01-25T16:09:53",
            "db": "PACKETSTORM",
            "id": "170729",
            "ident": null
          },
          {
            "date": "2023-01-30T16:25:15",
            "db": "PACKETSTORM",
            "id": "170777",
            "ident": null
          },
          {
            "date": "2023-07-18T13:47:37",
            "db": "PACKETSTORM",
            "id": "173569",
            "ident": null
          },
          {
            "date": "2022-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "date": "2022-12-05T22:15:10.343000",
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-424148",
            "ident": null
          },
          {
            "date": "2023-07-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2214",
            "ident": null
          },
          {
            "date": "2026-02-13T20:16:13.200000",
            "db": "NVD",
            "id": "CVE-2022-32221",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "curl Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2214"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202108-2222

    Vulnerability from variot - Updated: 2026-04-10 22:46

    libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:

    An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

    Security Fix(es):

    • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

    • curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)

    • curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

    • curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake

    1. Package List:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. 7):

    Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5021-1 July 22, 2021

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the command line. Uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (CVE-2021-22898, CVE-2021-22925)

    Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1

    Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6

    Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14

    In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):

    2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

    1. 8) - aarch64, ppc64le, s390x, x86_64

    2. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Summary:

    Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.

    Container updates:

    • RHACM 2.1.11 images (BZ# 1999375)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):

    1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images

    1. Description:

    Quay 3.6.0 release

    Security Fix(es):

    • nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)

    • python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)

    • nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)

    • nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)

    • nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)

    • nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)

    • nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)

    • nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)

    • nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)

    • nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)

    • nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)

    • nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

    • nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)

    • urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)

    • python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)

    • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

    • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

    • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

    • python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)

    • python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)

    • python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)

    • python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)

    • nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)

    • python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)

    • python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)

    • python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)

    • python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)

    • nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)

    • lodash: Prototype pollution in utilities function (CVE-2018-3721)

    • hoek: Prototype pollution in utilities function (CVE-2018-3728)

    • lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)

    • nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

    • python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function

    1. JIRA issues fixed (https://issues.jboss.org/):

    PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set 1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC 1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC 1903687 - [scale] 1K DV creation failed 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end 1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments 1942726 - test automatic bug creation for a new release 1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 1945589 - Live migration with virtiofs is possible 1953481 - New OCP priority classes are not used - Deploy 1953483 - New OCP priority classes are not used - SSP 1953484 - New OCP priority classes are not used - Storage 1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner 1957852 - Could not start VM as restore snapshot was still not Complete 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled 1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 1973852 - Introduce VM crashloop backoff 1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade) 1976730 - Disk is not usable due to incorrect size for proper alignment 1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating 1979659 - 4.9.0 containers 1981345 - 4.9.0 rpms 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1985083 - VMI Pod fails to terminate due to a zombie qemu process 1985649 - virt-handler Pod is missing xorrisofs command 1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system 1985719 - Unprivileged client fails to get guest agent data 1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin 1989263 - VM Snapshot may freeze guest indefinitely 1989269 - Online VM Snapshot storing incorrect VM spec 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1991691 - Enable DownwardMetrics FeatureGate via HCO CR 1992608 - kubevirt doesn't respect useEmulation: true 1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/ 1994389 - Some of the cdi resources missing app labels 1995295 - SCC annotation of ssp-operator was changed to privileged 1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start 1997014 - Common templates - dataVolumeTemplates API version should be updated 1998054 - RHEL9 template - update template description. 1998656 - no "name" label in ssp-operator pod 1999571 - NFS clone not progressing when clone sizes mismatch (target > source) 1999617 - Unable to create a VM with nonroot VirtLauncher Pods 1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL 2000052 - NNCP creation failures after nmstate-handler pod deletion 2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots 2001041 - [4.9.0] Importer attempts to shrink an image in certain situations 2001047 - Automatic size detection may not request a PVC that is large enough for an import 2003473 - Failed to Migrate Windows VM with CDROM (readonly) 2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted 2006418 - Clone Strategy does not work as described 2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window 2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2011179 - Cluster-wide live migration limits and timeouts are not suitable 2017394 - After upgrade, live migration is Pending 2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "scalance m876-3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "simatic rtu3031c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "simatic rtu 3041c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.36"
          },
          {
            "_id": null,
            "model": "scalance m804pb",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "scalance m874-3",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.59"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "scalance m876-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic rtu3010c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "ruggedcomrm 1224 lte",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "simatic cp 1543-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0.22"
          },
          {
            "_id": null,
            "model": "scalance m874-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "simatic rtu3030c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.0.14"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "scalance m812-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "scalance s615",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "logo\\! cmr2020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "logo\\! cmr2040",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "simatic cp 1545-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "scalance m826-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "scalance m816-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.10.4"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.77.0"
          },
          {
            "_id": null,
            "model": "siplus net cp 1543-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0.22"
          },
          {
            "_id": null,
            "model": "scalance mum856-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "solidfire \u0026 hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": null,
            "trust": 0.8,
            "vendor": "haxx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2021-22924",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22924",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-381398",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-22924",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.7,
                "baseSeverity": "Low",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-22924",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22924",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-22924",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22924",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381398",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate. cURL There is a vulnerability in the use of incorrectly resolved names and references.Information may be obtained. A security issue has been found in curl before version 7.78.0. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: rh-dotnet31-curl security update\nAdvisory ID:       RHSA-2022:1354-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1354\nIssue date:        2022-04-13\nCVE Names:         CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n                   CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL\n7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea\nC0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu\ntPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD\n9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU\nLvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe\ntof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy\nRh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA\nrlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T\ndA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz\nFoj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4\n04zDwrF/odg=o6o+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen and Tomas Hoger discovered that curl incorrectly handled\nTELNET connections when the -t option was used on the command line. \nUninitialized data possibly containing sensitive information could be sent\nto the remote server, contrary to expectations. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  curl                            7.74.0-1ubuntu2.1\n  libcurl3-gnutls                 7.74.0-1ubuntu2.1\n  libcurl3-nss                    7.74.0-1ubuntu2.1\n  libcurl4                        7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.6\n  libcurl3-gnutls                 7.68.0-1ubuntu2.6\n  libcurl3-nss                    7.68.0-1ubuntu2.6\n  libcurl4                        7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.14\n  libcurl3-gnutls                 7.58.0-2ubuntu3.14\n  libcurl3-nss                    7.58.0-2ubuntu3.14\n  libcurl4                        7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. Description:\n\nQuay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error\nchecking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email\nformat (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object\nproperties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory\nexposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates\nallowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted\ntemplates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block\n(CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based\nbuffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in\nTiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n(CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS\nattack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker\nto pass controlled parameters directly into a convert function\n(CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in\nlib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial\nof service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer\nover-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service\n1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service\n1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function\n1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function\n1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format\n1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js\n1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties\n1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block\n1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL\n1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read\n1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow\n1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure\n1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise\n1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise\n1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c\n1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c\n1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack\n1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c\n1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container\n1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container\n1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container\n1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 -  As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1858777 - Alert for VM with \u0027evictionStrategy: LiveMigrate\u0027 for local PVs set\n1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC\n1896469 - In cluster with OVN Kubernetes networking - a node doesn\u0027t recover when configuring linux-bridge over its default NIC\n1903687 - [scale] 1K DV creation failed\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1933043 - Delete VM just after it turns into \"running\" is very likely to hit grace period end\n1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments\n1942726 - test automatic bug creation for a new release\n1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n1945589 - Live migration with virtiofs is possible\n1953481 - New OCP priority classes are not used - Deploy\n1953483 - New OCP priority classes are not used - SSP\n1953484 - New OCP priority classes are not used - Storage\n1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner\n1957852 - Could not start VM as restore snapshot was still not Complete\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled\n1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n1973852 - Introduce VM crashloop backoff\n1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)\n1976730 - Disk is not usable due to incorrect size for proper alignment\n1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating\n1979659 - 4.9.0 containers\n1981345 - 4.9.0 rpms\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1985083 - VMI Pod fails to terminate due to a zombie qemu process\n1985649 - virt-handler Pod is missing xorrisofs command\n1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system\n1985719 - Unprivileged client fails to get guest agent data\n1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin\n1989263 - VM Snapshot may freeze guest indefinitely\n1989269 - Online VM Snapshot storing incorrect VM spec\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1991691 - Enable DownwardMetrics FeatureGate via HCO CR\n1992608 - kubevirt doesn\u0027t respect useEmulation: true\n1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/\n1994389 - Some of the cdi resources missing app labels\n1995295 - SCC annotation of ssp-operator was changed to privileged\n1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start\n1997014 - Common templates - dataVolumeTemplates API version should be updated\n1998054 - RHEL9 template - update template description. \n1998656 - no \"name\" label in ssp-operator pod\n1999571 - NFS clone not progressing when clone sizes mismatch (target \u003e source)\n1999617 - Unable to create a VM with nonroot VirtLauncher Pods\n1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL\n2000052 - NNCP creation failures after nmstate-handler pod deletion\n2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots\n2001041 - [4.9.0] Importer attempts to shrink an image in certain situations\n2001047 - Automatic size detection may not request a PVC that is large enough for an import\n2003473 - Failed to Migrate Windows VM with CDROM  (readonly)\n2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2006418 - Clone Strategy does not work as described\n2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window\n2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2011179 - Cluster-wide live migration limits and timeouts are not suitable\n2017394 - After upgrade, live migration is Pending\n2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22924",
            "trust": 3.7
          },
          {
            "db": "HACKERONE",
            "id": "1223565",
            "trust": 1.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-732250",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91709091",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "164755",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "164583",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165008",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381398",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164523",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163637",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164221",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164282",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164555",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "id": "VAR-202108-2222",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          }
        ],
        "trust": 0.7410993499999999
      },
      "last_update_date": "2026-04-10T22:46:32.438000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22924 log"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-706",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Use of incorrectly resolved names and references (CWE-706) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://hackerone.com/reports/1223565"
          },
          {
            "trust": 1.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2021-22924"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91709091/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22922"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22923"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3653"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32626"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32687"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32675"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-41099"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23017"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32627"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32672"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-32628"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3656"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/oss-sec/2021/q3/26"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/cve-2021-22924"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/asa-202107-61"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3873"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1354"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5021-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3949"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-37576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3582"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27777"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3653"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29650"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22555"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7608"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-21270"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26237"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20920"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34552"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35653"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25289"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23368"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8203"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25291"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-16492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27921"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27515"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-1010266"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35654"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27923"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25290"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1107"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3917"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16138"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-3728"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15366"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-16137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4104"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32804"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3711"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33623"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381398"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924"
          },
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "163637"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164221"
          },
          {
            "db": "PACKETSTORM",
            "id": "164282"
          },
          {
            "db": "PACKETSTORM",
            "id": "164555"
          },
          {
            "db": "PACKETSTORM",
            "id": "164755"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22924",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164523",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163637",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164583",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164221",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164282",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164555",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164755",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "date": "2021-10-15T15:06:44",
            "db": "PACKETSTORM",
            "id": "164523",
            "ident": null
          },
          {
            "date": "2022-04-13T22:20:44",
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "date": "2021-07-22T23:15:11",
            "db": "PACKETSTORM",
            "id": "163637",
            "ident": null
          },
          {
            "date": "2021-10-21T15:31:47",
            "db": "PACKETSTORM",
            "id": "164583",
            "ident": null
          },
          {
            "date": "2021-09-21T15:40:44",
            "db": "PACKETSTORM",
            "id": "164221",
            "ident": null
          },
          {
            "date": "2021-09-24T15:49:04",
            "db": "PACKETSTORM",
            "id": "164282",
            "ident": null
          },
          {
            "date": "2021-10-19T15:32:20",
            "db": "PACKETSTORM",
            "id": "164555",
            "ident": null
          },
          {
            "date": "2021-11-03T17:47:45",
            "db": "PACKETSTORM",
            "id": "164755",
            "ident": null
          },
          {
            "date": "2021-11-12T17:01:04",
            "db": "PACKETSTORM",
            "id": "164948",
            "ident": null
          },
          {
            "date": "2022-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "date": "2021-08-05T21:15:11.380000",
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381398",
            "ident": null
          },
          {
            "date": "2025-09-19T08:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009762",
            "ident": null
          },
          {
            "date": "2025-06-09T15:15:24.403000",
            "db": "NVD",
            "id": "CVE-2021-22924",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163637"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "_id": null,
        "data": "cURL\u00a0 Incorrectly resolved name and reference usage vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009762"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164523"
          },
          {
            "db": "PACKETSTORM",
            "id": "164583"
          },
          {
            "db": "PACKETSTORM",
            "id": "164948"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-202012-1279

    Vulnerability from variot - Updated: 2026-04-10 22:46

    curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/

    Security:

    • fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)

    • fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)

    • nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)

    • redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

    • redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)

    • nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)

    • nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)

    • golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing

    • -u- extension (CVE-2020-28851)

    • golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)

    • nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)

    • oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)

    • redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

    • nodejs-lodash: command injection via template (CVE-2021-23337)

    • nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

    • browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)

    • nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)

    • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)

    • nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)

    • nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)

    • openssl: integer overflow in CipherUpdate (CVE-2021-23840)

    • openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

    • nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)

    • grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

    • nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)

    • nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)

    • ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)

    • normalize-url: ReDoS for data URLs (CVE-2021-33502)

    • nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

    • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

    • html-parse-stringify: Regular Expression DoS (CVE-2021-23346)

    • openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)

    For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

    Bugs:

    • RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)

    • cluster became offline after apiserver health check (BZ# 1942589)

    • Bugs fixed (https://bugzilla.redhat.com/):

    1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters

    1. Solution:

    For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:

    https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:

    Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

    Security Fix(es):

    • NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)

    • Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)

    • Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)

    • Previously, the PVCs could not be provisioned as the rook-ceph-mds did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument --public-addr=podIP is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558)

    • Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the mds_cache_memory_limit argument during upgrades. With this update, the mds_cache_memory_limit argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348)

    • Previously, the coredumps were not generated in the correct location as rook was setting the config option log_file to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the log_file to build the dump path. With this update, rook does not set the log_file and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under /var/log/ceph/. (BZ#1938049)

    • Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)

    • Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)

    All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod

    1. References:

    https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

    Bug Fix(es):

    • WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)

    • LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)

    • Telemetry info not completely available to identify windows nodes (BZ#1955319)

    • WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)

    • kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)

    • Solution:

    For Windows Machine Config Operator upgrades, see the following documentation:

    https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

    1. JIRA issues fixed (https://issues.jboss.org/):

    TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2021-04-26-2 macOS Big Sur 11.3

    macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.

    APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications

    AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza

    Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab

    Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher

    Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

    CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher

    CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

    CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

    CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest

    CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University

    CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

    curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher

    curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

    DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher

    FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook

    FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360

    Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

    Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga

    Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)

    Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro

    Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing

    Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr

    Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

    Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr

    Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett

    libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins

    libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz

    Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing

    Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd

    NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome

    Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

    Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago

    Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS

    SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications

    smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

    System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher

    tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher

    Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher

    WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA

    WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing

    Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher

    Installation note:

    This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----

    .

    Security Fix(es):

    • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
    • golang: net: lookup functions may return invalid host names (CVE-2021-33195)
    • golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
    • golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
    • golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
    • golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
    • golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

    It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):

    1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "hci storage node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core policy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.14.0"
          },
          {
            "_id": null,
            "model": "essbase",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "21.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15"
          },
          {
            "_id": null,
            "model": "hci bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.74.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "simatic tim 1531 irc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "libcurl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.41.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163747"
          },
          {
            "db": "PACKETSTORM",
            "id": "162837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163209"
          },
          {
            "db": "PACKETSTORM",
            "id": "163257"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "163496"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          }
        ],
        "trust": 1.4
      },
      "cve": "CVE-2020-8286",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-8286",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-186411",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8286",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8286",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-755",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186411",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u\npgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID:       RHSA-2021:2479-01\nProduct:           Red Hat OpenShift Container Storage\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2479\nIssue date:        2021-06-17\nCVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n                   CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n                   CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n                   CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n                   CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n                   CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n                   CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n                   CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n                   CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n                   CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n                   CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n                   CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n                   CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n                   CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 -  Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and  Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          },
          {
            "db": "PACKETSTORM",
            "id": "163747"
          },
          {
            "db": "PACKETSTORM",
            "id": "162837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163209"
          },
          {
            "db": "PACKETSTORM",
            "id": "163257"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "163496"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-186411",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8286",
            "trust": 2.6
          },
          {
            "db": "HACKERONE",
            "id": "1048457",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-200951",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163267",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162358",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "163496",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "163276",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "160706",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "160423",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162629",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164192",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2180",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4343",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0319",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4364",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1700",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1866",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2471",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2657",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2365",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1409.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3141",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2711",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4058",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4506",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1114",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3146",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1841",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2228",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0635",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2054",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021071516",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042704",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021051406",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072050",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042615",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021061010",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062315",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092220",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072122",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052026",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031104",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062703",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-159-10",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163257",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162362",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163197",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163193",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162360",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-186411",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163747",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162837",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163209",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          },
          {
            "db": "PACKETSTORM",
            "id": "163747"
          },
          {
            "db": "PACKETSTORM",
            "id": "162837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163209"
          },
          {
            "db": "PACKETSTORM",
            "id": "163257"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "163496"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          }
        ]
      },
      "id": "VAR-202012-1279",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:46:25.229000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HAXX libcurl Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=137265"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212325"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212326"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212327"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2021/dsa-4881"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2021/apr/50"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2021/apr/51"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2021/apr/54"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202012-14"
          },
          {
            "trust": 1.7,
            "url": "https://curl.se/docs/cve-2020-8286.html"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1048457"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
          },
          {
            "trust": 1.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-8286"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-28196"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-8231"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-8285"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-2708"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-8284"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-20305"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3449"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3450"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-3842"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-13776"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-24977"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-inferior-ocsp-verification-34068"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1841"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0635"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042615"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
          },
          {
            "trust": 0.6,
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021061010"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052026"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072050"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520474"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht212327"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2471"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021051406"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1700"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4343/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-10"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072122"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4364/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4506/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2054"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-27219"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-27619"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23336"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
          },
          {
            "trust": 0.3,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28500"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3520"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3537"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3518"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23337"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3516"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3517"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3541"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20271"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13543"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9951"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9948"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13584"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9983"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31525"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-27918"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33196"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28469"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29418"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33034"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28092"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33909"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29482"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32399"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27358"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23369"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21321"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23368"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11668"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23343"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23383"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28851"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33033"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20934"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25217"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3016"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3377"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29477"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23346"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29478"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23839"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33623"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33910"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14347"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25704"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2136"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14356"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27786"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24394"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0342"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14345"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14344"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35508"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25212"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15437"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25284"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14346"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2479"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23240"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3139"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23239"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36242"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25659"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25678"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2130"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13949"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2705"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212325."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3556"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3421"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3703"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186411"
          },
          {
            "db": "PACKETSTORM",
            "id": "163747"
          },
          {
            "db": "PACKETSTORM",
            "id": "162837"
          },
          {
            "db": "PACKETSTORM",
            "id": "163209"
          },
          {
            "db": "PACKETSTORM",
            "id": "163257"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "163496"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8286"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-186411",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163747",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162837",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163209",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163257",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163267",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163276",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163496",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162358",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164192",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8286",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186411",
            "ident": null
          },
          {
            "date": "2021-08-06T14:02:37",
            "db": "PACKETSTORM",
            "id": "163747",
            "ident": null
          },
          {
            "date": "2021-05-27T13:28:54",
            "db": "PACKETSTORM",
            "id": "162837",
            "ident": null
          },
          {
            "date": "2021-06-17T18:34:10",
            "db": "PACKETSTORM",
            "id": "163209",
            "ident": null
          },
          {
            "date": "2021-06-23T15:44:15",
            "db": "PACKETSTORM",
            "id": "163257",
            "ident": null
          },
          {
            "date": "2021-06-23T16:08:25",
            "db": "PACKETSTORM",
            "id": "163267",
            "ident": null
          },
          {
            "date": "2021-06-24T17:54:53",
            "db": "PACKETSTORM",
            "id": "163276",
            "ident": null
          },
          {
            "date": "2021-07-14T15:02:07",
            "db": "PACKETSTORM",
            "id": "163496",
            "ident": null
          },
          {
            "date": "2021-04-28T14:55:56",
            "db": "PACKETSTORM",
            "id": "162358",
            "ident": null
          },
          {
            "date": "2021-09-17T16:04:56",
            "db": "PACKETSTORM",
            "id": "164192",
            "ident": null
          },
          {
            "date": "2020-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-755",
            "ident": null
          },
          {
            "date": "2020-12-14T20:15:14.043000",
            "db": "NVD",
            "id": "CVE-2020-8286",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186411",
            "ident": null
          },
          {
            "date": "2023-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-755",
            "ident": null
          },
          {
            "date": "2024-11-21T05:38:39.643000",
            "db": "NVD",
            "id": "CVE-2020-8286",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "HAXX libcurl Trust Management Issue Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-755"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0073

    Vulnerability from variot - Updated: 2026-04-10 22:38

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a vulnerability in Expat versions before 2.4.3. The vulnerability stems from the fact that m_groupSize in Expat's xmlparse.c does not correctly verify the data boundary when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. No detailed vulnerability details were provided at this time. Summary:

    The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es) from Bugzilla:

    • golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)

    • golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)

    • golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

    • golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)

    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

    1. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

    An update for expat is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    Expat is a C library for parsing XML documents.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm

    ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm

    s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: expat-2.1.0-14.el7_9.src.rpm

    x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610s"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h610c"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "h615c"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": null,
            "trust": 0.8,
            "vendor": "libexpat",
            "version": null
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenable",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire \u0026 hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "_id": null,
            "model": "hci baseboard management controller",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens notified CISA of these vulnerabilities.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-46143",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-46143",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-411370",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-46143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-46143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-46143",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-46143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2021-46143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-46143",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-417",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-411370",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-46143",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a vulnerability in Expat versions before 2.4.3. The vulnerability stems from the fact that m_groupSize in Expat\u0027s xmlparse.c does not correctly verify the data boundary when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. No detailed vulnerability details were provided at this time. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: Limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* golang: debug/macho: Invalid dynamic symbol table command can cause panic\n(CVE-2021-41771)\n\n* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)\n\n* golang: syscall: Don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040378 - Don\u0027t allow Storage class conversion migration if source cluster has only one storage class defined [backend]\n2057516 - [MTC UI] UI should not allow PVC mapping for Full migration\n2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans\n2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository\n2061347 - [MTC] Log reader pod is missing velero and restic pod logs. \n2061653 - [MTC UI] Migration Resources section showing pods from other namespaces\n2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. \n2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)\n2071000 - Storage Conversion: UI doesn\u0027t have the ability to skip PVC\n2072036 - Migration plan for storage conversion cannot be created if there\u0027s no replication repository\n2072186 - Wrong migration type description\n2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration\n2073496 - Errors in rsync pod creation are not printed in the controller logs\n2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: expat security update\nAdvisory ID:       RHSA-2022:1069-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1069\nIssue date:        2022-03-28\nCVE Names:         CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n                   CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n                   CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-46143",
            "trust": 3.9
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2022/01/17/3",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-278-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU97425465",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169788",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166516",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021425",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072608",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070734",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070605",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166812",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2025",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0369",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-04545",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-411370",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "id": "VAR-202201-0073",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-04-10T22:38:57.986000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2023-204",
            "trust": 0.8,
            "url": "https://github.com/libexpat/libexpat/issues/532"
          },
          {
            "title": "Expat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=178019"
          },
          {
            "title": "Red Hat: CVE-2021-46143",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-46143"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1603",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1809",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-46143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          },
          {
            "problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220121-0006/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/issues/532"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/538"
          },
          {
            "trust": 1.7,
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97425465/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021425"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072608"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-doprolog-37270"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2025"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25636"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22817"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1396"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1069"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-411370"
          },
          {
            "db": "PACKETSTORM",
            "id": "166976"
          },
          {
            "db": "PACKETSTORM",
            "id": "166789"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "166496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "date": "2022-05-05T17:35:22",
            "db": "PACKETSTORM",
            "id": "166976",
            "ident": null
          },
          {
            "date": "2022-04-20T15:12:33",
            "db": "PACKETSTORM",
            "id": "166789",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-03-28T15:54:26",
            "db": "PACKETSTORM",
            "id": "166496",
            "ident": null
          },
          {
            "date": "2022-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "date": "2023-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "date": "2022-01-06T04:15:07.017000",
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-411370",
            "ident": null
          },
          {
            "date": "2022-10-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-46143",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-417",
            "ident": null
          },
          {
            "date": "2023-10-10T05:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-017676",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:28.820000",
            "db": "NVD",
            "id": "CVE-2021-46143",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Expat\u00a0 Integer overflow vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-017676"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-417"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1805

    Vulnerability from variot - Updated: 2026-04-10 22:36

    Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64

    Bug Fix(es):

    • proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

    Additional changes:

    • To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.

    On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.

    If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:

    LimitRequestBody 2147483648

    Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

    For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.

    For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:

    An update for httpd is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    Security Fix(es):

    • httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)

    • httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

    • httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

    • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content

    1. Package List:

    Red Hat Enterprise Linux Client Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm

    ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm

    s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm

    ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm

    s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd-2.4.6-97.el7_9.4.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64


    1. Gentoo Linux Security Advisory GLSA 202208-20

                                           https://security.gentoo.org/
    

    Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20


    Synopsis

    Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

    All Apache HTTPD tools users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

    References

    [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202208-20

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 ESM

    Summary:

    USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

    Original advisory details:

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798)

    Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275)

    It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.2"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.48"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "ruggedcom nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "sinec nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "sinema server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.5.0.0"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "tenable.sc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "5.19.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "apache",
            "version": "\u003c=2.4.48"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Siemens reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-34798",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-34798",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-03223",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-395042",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-34798",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34798",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-03223",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1109",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-395042",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-34798",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: httpd security update\nAdvisory ID:       RHSA-2022:0143-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0143\nIssue date:        2022-01-17\nCVE Names:         CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n                   CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-4\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n \n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n \n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  apache2                         2.4.18-2ubuntu3.17+esm3\n  apache2-bin                     2.4.18-2ubuntu3.17+esm3\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34798",
            "trust": 3.2
          },
          {
            "db": "TENABLE",
            "id": "TNS-2021-17",
            "trust": 1.8
          },
          {
            "db": "MCAFEE",
            "id": "SB10379",
            "trust": 1.8
          },
          {
            "db": "SIEMENS",
            "id": "SSA-685781",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165587",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166321",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "trust": 0.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-06",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012040",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101308",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030119",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092301",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051316",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031528",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011749",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091707",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101513",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101922",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101005",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060624",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101101",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042112",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112902",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3405",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3341",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.7",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3148",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3591",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0850",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3482",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2978",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.5",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2352",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0217",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3357",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3250",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3387",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-132-02",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "id": "VAR-202109-1805",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          }
        ],
        "trust": 1.3031922749999998
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:36:56.215000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Patch for Apache HTTP Server Code Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/313156"
          },
          {
            "title": "Apache HTTP Server Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171210"
          },
          {
            "title": "Red Hat: Moderate: httpd:2.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2021-34798",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34798"
          },
          {
            "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34798 log"
          },
          {
            "title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
          },
          {
            "title": "Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2142ed2ad0c6564b6dfdd2779d3117ce"
          },
          {
            "title": "Brocade Security Advisories: Access Denied",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=3499da969fe529a2e6d5812690c8f102"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2021-1543",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1716",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
          },
          {
            "title": "PROJET TUTEURE",
            "trust": 0.1,
            "url": "https://github.com/PierreChrd/py-projet-tut "
          },
          {
            "title": "Tier 0\nTier 1\nTier 2",
            "trust": 0.1,
            "url": "https://github.com/Totes5706/TotesHTB "
          },
          {
            "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
            "trust": 0.1,
            "url": "https://github.com/kasem545/vulnsearch "
          },
          {
            "title": "Skynet",
            "trust": 0.1,
            "url": "https://github.com/bioly230/THM_Skynet "
          },
          {
            "title": "Shodan Search Script",
            "trust": 0.1,
            "url": "https://github.com/firatesatoglu/shodanSearch "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/202208-20"
          },
          {
            "trust": 1.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenable.com/security/tns-2021-17"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2021/dsa-4982"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10379"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 1.2,
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2021-34798"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "http://"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3405"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112902"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520016"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012040"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101308"
          },
          {
            "trust": 0.6,
            "url": "httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5090-1"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/errata/rhsa-2022:0891"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10379"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/476.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/totes5706/toteshtb"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/6975397"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30556"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6753"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/xxxxxx"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-4"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "165587"
          },
          {
            "db": "PACKETSTORM",
            "id": "166321"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165587",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166321",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "date": "2022-09-30T14:51:18",
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "date": "2021-10-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "date": "2022-01-17T16:53:40",
            "db": "PACKETSTORM",
            "id": "165587",
            "ident": null
          },
          {
            "date": "2022-03-15T15:50:26",
            "db": "PACKETSTORM",
            "id": "166321",
            "ident": null
          },
          {
            "date": "2022-08-15T16:02:48",
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "date": "2021-09-28T15:13:59",
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "date": "2021-09-28T15:06:35",
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "date": "2021-09-29T14:50:01",
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "date": "2021-09-16T15:15:07.267000",
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03223",
            "ident": null
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-395042",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-34798",
            "ident": null
          },
          {
            "date": "2023-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1109",
            "ident": null
          },
          {
            "date": "2023-11-07T03:36:26.910000",
            "db": "NVD",
            "id": "CVE-2021-34798",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "Apache HTTP Server Code Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03223"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1109"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1802

    Vulnerability from variot - Updated: 2026-04-10 22:19

    A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: httpd security update Advisory ID: RHSA-2021:3856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3856 Issue date: 2021-10-14 CVE Names: CVE-2021-40438 =====================================================================

    1. Summary:

    An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    Security Fix(es):

    • httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

    1. Package List:

    Red Hat Enterprise Linux Client Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.1.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    Source: httpd-2.4.6-97.el7_9.1.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm

    Red Hat Enterprise Linux Server AUS (v. 7.2):

    Source: httpd-2.4.6-40.el7_2.7.src.rpm

    noarch: httpd-manual-2.4.6-40.el7_2.7.noarch.rpm

    x86_64: httpd-2.4.6-40.el7_2.7.x86_64.rpm httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm httpd-devel-2.4.6-40.el7_2.7.x86_64.rpm httpd-tools-2.4.6-40.el7_2.7.x86_64.rpm mod_ssl-2.4.6-40.el7_2.7.x86_64.rpm

    Red Hat Enterprise Linux Server AUS (v. 7.3):

    Source: httpd-2.4.6-45.el7_3.6.src.rpm

    noarch: httpd-manual-2.4.6-45.el7_3.6.noarch.rpm

    x86_64: httpd-2.4.6-45.el7_3.6.x86_64.rpm httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm httpd-devel-2.4.6-45.el7_3.6.x86_64.rpm httpd-tools-2.4.6-45.el7_3.6.x86_64.rpm mod_ssl-2.4.6-45.el7_3.6.x86_64.rpm

    Red Hat Enterprise Linux Server AUS (v. 7.4):

    Source: httpd-2.4.6-67.el7_4.7.src.rpm

    noarch: httpd-manual-2.4.6-67.el7_4.7.noarch.rpm

    x86_64: httpd-2.4.6-67.el7_4.7.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm httpd-devel-2.4.6-67.el7_4.7.x86_64.rpm httpd-tools-2.4.6-67.el7_4.7.x86_64.rpm mod_session-2.4.6-67.el7_4.7.x86_64.rpm mod_ssl-2.4.6-67.el7_4.7.x86_64.rpm

    Red Hat Enterprise Linux Server AUS (v. 7.6):

    Source: httpd-2.4.6-89.el7_6.2.src.rpm

    noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm

    x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server E4S (v. 7.6):

    Source: httpd-2.4.6-89.el7_6.2.src.rpm

    noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm

    ppc64le: httpd-2.4.6-89.el7_6.2.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm mod_session-2.4.6-89.el7_6.2.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm

    x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server TUS (v. 7.6):

    Source: httpd-2.4.6-89.el7_6.2.src.rpm

    noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm

    x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server AUS (v. 7.7):

    Source: httpd-2.4.6-90.el7_7.1.src.rpm

    noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm

    x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server E4S (v. 7.7):

    Source: httpd-2.4.6-90.el7_7.1.src.rpm

    noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm

    ppc64le: httpd-2.4.6-90.el7_7.1.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm mod_session-2.4.6-90.el7_7.1.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm

    x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server TUS (v. 7.7):

    Source: httpd-2.4.6-90.el7_7.1.src.rpm

    noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm

    x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: httpd-2.4.6-97.el7_9.1.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm

    ppc64: httpd-2.4.6-97.el7_9.1.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64.rpm mod_session-2.4.6-97.el7_9.1.ppc64.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64.rpm

    ppc64le: httpd-2.4.6-97.el7_9.1.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm mod_session-2.4.6-97.el7_9.1.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm

    s390x: httpd-2.4.6-97.el7_9.1.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm httpd-devel-2.4.6-97.el7_9.1.s390x.rpm httpd-tools-2.4.6-97.el7_9.1.s390x.rpm mod_session-2.4.6-97.el7_9.1.s390x.rpm mod_ssl-2.4.6-97.el7_9.1.s390x.rpm

    x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

    x86_64: httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm mod_ldap-2.4.6-40.el7_2.7.x86_64.rpm mod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm mod_session-2.4.6-40.el7_2.7.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.3):

    x86_64: httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm mod_ldap-2.4.6-45.el7_3.6.x86_64.rpm mod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm mod_session-2.4.6-45.el7_3.6.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

    x86_64: httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm mod_ldap-2.4.6-67.el7_4.7.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

    x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

    ppc64le: httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm

    x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional TUS (v. 7.6):

    x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

    x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

    ppc64le: httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm

    x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

    x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm

    ppc64le: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm

    s390x: httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm mod_ldap-2.4.6-97.el7_9.1.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd-2.4.6-97.el7_9.1.src.rpm

    noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm

    x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa v5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF sNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF gjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx ZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT jCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l 3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9 0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ LhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo QSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7 lUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB 95kGnxWCYaA= =gPcK -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64

    1. 7) - noarch, x86_64

    2. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Refer to the Release Notes for information on the security fix included in this release. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

    Original advisory details:

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3

    Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6

    Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0_s390x"
          },
          {
            "_id": null,
            "model": "enterprise linux update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "enterprise linux for arm 64",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.48"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux for power big endian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "enterprise linux for arm 64 eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "ruggedcom nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "f5os",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.1.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "sinec nms",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "tenable.sc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "5.19.1"
          },
          {
            "_id": null,
            "model": "enterprise linux update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "rocky linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "resf",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.6"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "enterprise linux for scientific computing",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "jboss core services",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "f5os",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "f5os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.2.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "f5os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "f5",
            "version": "1.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "sinema server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "software collections",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.4.0.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server for power little endian update services for sap solutions",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux for arm 64 eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise linux for power little endian",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux for ibm z systems eus s390x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "f5os",
            "scope": null,
            "trust": 0.8,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi device manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi infrastructure analytics advisor",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi ops center api configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi ops center analyzer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "oneview",
            "scope": null,
            "trust": 0.7,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "apache",
            "version": "\u003c=2.4.48"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-40438",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-40438",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-03224",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-401786",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-40438",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.0,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-40438",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-40438",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-40438",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-40438",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-40438",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-40438",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-03224",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1094",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-401786",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-40438",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: httpd security update\nAdvisory ID:       RHSA-2021:3856-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:3856\nIssue date:        2021-10-14\nCVE Names:         CVE-2021-40438 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7, Red\nHat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update\nSupport, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat\nEnterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise\nLinux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7\nAdvanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.7 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n(CVE-2021-40438)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nhttpd-2.4.6-40.el7_2.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-40.el7_2.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-devel-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-tools-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ssl-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.3):\n\nSource:\nhttpd-2.4.6-45.el7_3.6.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-45.el7_3.6.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-devel-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-tools-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ssl-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nhttpd-2.4.6-67.el7_4.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-67.el7_4.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-devel-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-tools-2.4.6-67.el7_4.7.x86_64.rpm\nmod_session-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ssl-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_session-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_session-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.1.s390x.rpm\nmod_session-2.4.6-97.el7_9.1.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ldap-2.4.6-40.el7_2.7.x86_64.rpm\nmod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm\nmod_session-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3):\n\nx86_64:\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ldap-2.4.6-45.el7_3.6.x86_64.rpm\nmod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm\nmod_session-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ldap-2.4.6-67.el7_4.7.x86_64.rpm\nmod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.1.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40438\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa\nv5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF\nsNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF\ngjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx\nZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT\njCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l\n3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9\n0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ\nLhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo\nQSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7\nlUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB\n95kGnxWCYaA=\n=gPcK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 7) - noarch, x86_64\n\n3. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. Refer to the Release Notes for information on the security fix\nincluded in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. \n (CVE-2021-34798)\n  Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n  It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  apache2                         2.4.46-4ubuntu1.3\n  apache2-bin                     2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n  apache2                         2.4.41-4ubuntu3.6\n  apache2-bin                     2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n  apache2                         2.4.29-1ubuntu4.18\n  apache2-bin                     2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438"
          },
          {
            "db": "PACKETSTORM",
            "id": "164513"
          },
          {
            "db": "PACKETSTORM",
            "id": "164493"
          },
          {
            "db": "PACKETSTORM",
            "id": "164505"
          },
          {
            "db": "PACKETSTORM",
            "id": "164460"
          },
          {
            "db": "PACKETSTORM",
            "id": "164443"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-40438",
            "trust": 5.5
          },
          {
            "db": "SIEMENS",
            "id": "SSA-685781",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2021-17",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-259-04",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-22691",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-24-812",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164513",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164505",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164460",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164448",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.7",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3591",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3250",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3482",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3429",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.5",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3784",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3387",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3341",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3524",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3373",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2978",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3366",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3357",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3148",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101005",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041953",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091707",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112904",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101340",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101922",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011836",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060811",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042112",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101906",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021102601",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092301",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101116",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111732",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-06",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164493",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164443",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438"
          },
          {
            "db": "PACKETSTORM",
            "id": "164513"
          },
          {
            "db": "PACKETSTORM",
            "id": "164493"
          },
          {
            "db": "PACKETSTORM",
            "id": "164505"
          },
          {
            "db": "PACKETSTORM",
            "id": "164460"
          },
          {
            "db": "PACKETSTORM",
            "id": "164443"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          }
        ]
      },
      "id": "VAR-202109-1802",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          }
        ],
        "trust": 1.3031922749999998
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          }
        ]
      },
      "last_update_date": "2026-04-10T22:19:03.696000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2021-139",
            "trust": 0.8,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us\u0026docLocale=en_US"
          },
          {
            "title": "Patch for Apache HTTP Server mod_proxy server request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/313356"
          },
          {
            "title": "Apache HTTP Server Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178533"
          },
          {
            "title": "Red Hat: CVE-2021-40438",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-40438"
          },
          {
            "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-40438 log"
          },
          {
            "title": "Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager\u00ef\u00bc\u0152Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-139"
          },
          {
            "title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2021-1543",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1716",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
          },
          {
            "title": "CVE-2021-40438 exploit PoC with Docker setup",
            "trust": 0.1,
            "url": "https://github.com/sixpacksecurity/CVE-2021-40438 "
          },
          {
            "title": "CVE-2021-40438",
            "trust": 0.1,
            "url": "https://github.com/gassara-kys/CVE-2021-40438 "
          },
          {
            "title": "CVE-2021-40438",
            "trust": 0.1,
            "url": "https://github.com/Kashkovsky/CVE-2021-40438 "
          },
          {
            "title": "scan_ssrf.sh",
            "trust": 0.1,
            "url": "https://github.com/vsh00t/BB-PoC "
          },
          {
            "title": "CVE-2021-40438",
            "trust": 0.1,
            "url": "https://github.com/xiaojiangxl/CVE-2021-40438 "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-918",
            "trust": 1.1
          },
          {
            "problemtype": "Server-side request forgery (CWE-918) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 2.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2021-17"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2021/dsa-4982"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202208-20"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
          },
          {
            "trust": 1.1,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 1.1,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 1.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40438"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-40438"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-04"
          },
          {
            "trust": 0.7,
            "url": "https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us\u0026doclocale=en_us"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 0.6,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164505/red-hat-security-advisory-2021-3836-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101906"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112904"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3524"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041953"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6528442"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3429"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164448/red-hat-security-advisory-2021-3746-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3373"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021102601"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101116"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520016"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164460/red-hat-security-advisory-2021-3754-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6493841"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164513/red-hat-security-advisory-2021-3856-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3366"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3784"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011836"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101340"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
          },
          {
            "trust": 0.5,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5090-1"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3856"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3816"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3836"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3754"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3745"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1945311"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786"
          },
          {
            "db": "PACKETSTORM",
            "id": "164513"
          },
          {
            "db": "PACKETSTORM",
            "id": "164493"
          },
          {
            "db": "PACKETSTORM",
            "id": "164505"
          },
          {
            "db": "PACKETSTORM",
            "id": "164460"
          },
          {
            "db": "PACKETSTORM",
            "id": "164443"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-24-812",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03224",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-401786",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-40438",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164513",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164493",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164505",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164460",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164443",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-40438",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2024-06-18T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-812",
            "ident": null
          },
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03224",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-401786",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40438",
            "ident": null
          },
          {
            "date": "2021-10-14T15:26:45",
            "db": "PACKETSTORM",
            "id": "164513",
            "ident": null
          },
          {
            "date": "2021-10-13T14:52:48",
            "db": "PACKETSTORM",
            "id": "164493",
            "ident": null
          },
          {
            "date": "2021-10-13T15:23:01",
            "db": "PACKETSTORM",
            "id": "164505",
            "ident": null
          },
          {
            "date": "2021-10-11T14:23:47",
            "db": "PACKETSTORM",
            "id": "164460",
            "ident": null
          },
          {
            "date": "2021-10-08T15:12:22",
            "db": "PACKETSTORM",
            "id": "164443",
            "ident": null
          },
          {
            "date": "2021-09-28T15:13:59",
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "date": "2021-09-28T15:06:35",
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "date": "2021-09-28T15:23:06",
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1094",
            "ident": null
          },
          {
            "date": "2021-11-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004150",
            "ident": null
          },
          {
            "date": "2021-09-16T15:15:07.633000",
            "db": "NVD",
            "id": "CVE-2021-40438",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2024-08-15T00:00:00",
            "db": "ZDI",
            "id": "ZDI-24-812",
            "ident": null
          },
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03224",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-401786",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-40438",
            "ident": null
          },
          {
            "date": "2022-08-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1094",
            "ident": null
          },
          {
            "date": "2025-09-22T01:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004150",
            "ident": null
          },
          {
            "date": "2025-10-27T17:37:06.747000",
            "db": "NVD",
            "id": "CVE-2021-40438",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "_id": null,
        "data": "Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability that allows requests to be forwarded to an origin server selected by a remote user",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004150"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1094"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-0997

    Vulnerability from variot - Updated: 2026-04-10 22:15

    An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:

    OpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:

    OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

    1. JIRA issues fixed (https://issues.jboss.org/):

    OADP-1056 - DPA fails validation if multiple BSLs have the same provider OADP-1150 - Handle docker env config changes in the oadp-operator OADP-1217 - update velero + restic to 1.9.5 OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found" OADP-290 - Remove creation/usage of velero-privileged SCC

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified 2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2023:0338-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0338 Issue date: 2023-01-23 CVE Names: CVE-2022-40303 CVE-2022-40304 ==================================================================== 1. Summary:

    An update for libxml2 is now available for Red Hat Enterprise Linux 9.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    • libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)

    • libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The desktop must be restarted (log out, then log back in) for this update to take effect.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 9):

    aarch64: libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm libxml2-devel-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

    ppc64le: libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm libxml2-devel-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

    s390x: libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm libxml2-devel-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

    x86_64: libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm libxml2-devel-2.9.13-3.el9_1.i686.rpm libxml2-devel-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

    Red Hat Enterprise Linux BaseOS (v. 9):

    Source: libxml2-2.9.13-3.el9_1.src.rpm

    aarch64: libxml2-2.9.13-3.el9_1.aarch64.rpm libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm libxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-2.9.13-3.el9_1.aarch64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm

    ppc64le: libxml2-2.9.13-3.el9_1.ppc64le.rpm libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm libxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-2.9.13-3.el9_1.ppc64le.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm

    s390x: libxml2-2.9.13-3.el9_1.s390x.rpm libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm libxml2-debugsource-2.9.13-3.el9_1.s390x.rpm python3-libxml2-2.9.13-3.el9_1.s390x.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm

    x86_64: libxml2-2.9.13-3.el9_1.i686.rpm libxml2-2.9.13-3.el9_1.x86_64.rpm libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm libxml2-debugsource-2.9.13-3.el9_1.i686.rpm libxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-2.9.13-3.el9_1.x86_64.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm python3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2022-12-13-7 tvOS 16.2

    tvOS 16.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213535.

    Accounts Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t)

    AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Parsing a maliciously crafted video file may lead to kernel code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

    AppleMobileFileIntegrity Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing

    AVEVideoEncoder Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42848: ABC Research s.r.o

    ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t)

    ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Parsing a maliciously crafted TIFF file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42851: Mickey Jin (@patch1t)

    IOHIDFamily Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)

    IOMobileFrameBuffer Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom)

    Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero

    Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-46701: Felix Poulin-Belanger

    Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

    Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM

    libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2022-40303: Maddie Stone of Google Project Zero

    libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

    Preferences Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to use arbitrary entitlements Description: A logic issue was addressed with improved state management. CVE-2022-42855: Ivan Fratric of Google Project Zero

    Safari Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani

    Software Update Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: A user may be able to elevate privileges Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions. CVE-2022-42849: Mickey Jin (@patch1t)

    Weather Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher

    WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation and later), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. Description: A type confusion issue was addressed with improved state handling. WebKit Bugzilla: 248266 CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group

    Additional recognition

    Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance.

    Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance.

    WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance.

    Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke NxkItA/+LIwJ66Odl7Uwp1N/qek5Z/TBuPKlbgTwRZGT3LBVMVmyHTBzebA88aNq Pae1RKQ2Txw4w9Tb7a08eeqRQD51MBoSjTxf23tO1o0B1UR3Hgq3gsOSjh/dTq9V Jvy4DpO15xdVHP3BH/li114JpgR+FoD5Du0rPffL01p6YtqeWMSvnRoCmwNcIqou i2ZObfdrL2WJ+IiDIlMoJ3v+B1tDxOWR6Mn37iRdzl+QgrQMQtP9pSsiAPCntA+y eFM5Hp0JlOMtCfA+xT+LRoZHCbjTCFMRlRbNffGvrNwwdTY4MXrSYlKcIo3yFT2m KSHrQNvqzWhmSLAcHlUNo0lVvtPAlrgyilCYaeRNgRC1+x8KRf/AcErXr23oKknJ lzIF6eVk1K3mxUmR+M+P8+cr14pbrUwJcQlm0In6/8fUulHtcElLE3fJ+HJVImx8 RtvNmuCng5iEK1zlwgDvAKO3EgMrMtduF8aygaCcBmt65GMkHwvOGCDXcIrKfH9U sP4eY7V3t4CQd9TX3Vlmt47MwRTSVuUtMcQeQPhEUTdUbM7UlvtW8igrLvkz9uPn CpuE2mzhd/dJANXvMFBR9A0ilAdJO1QD/uSWL+UbKq4BlyiW5etd8gObQfHqqW3C sh0EwxLh4ATicRS9btAJMwIfK/ulYDWp4yuIsUamDj/sN9xWvXY= =i2O9 -----END PGP SIGNATURE-----

    . Bugs fixed (https://bugzilla.redhat.com/):

    2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents 2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets

    1. ========================================================================== Ubuntu Security Notice USN-5760-2 December 05, 2022

    libxml2 vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.04 ESM
    • Ubuntu 14.04 ESM

    Summary:

    Several security issues were fixed in libxml2. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

    Original advisory details:

    It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-40304)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 16.04 ESM: libxml2 2.9.3+dfsg1-1ubuntu0.7+esm4 libxml2-utils 2.9.3+dfsg1-1ubuntu0.7+esm4

    Ubuntu 14.04 ESM: libxml2 2.9.1+dfsg1-3ubuntu4.13+esm4 libxml2-utils 2.9.1+dfsg1-3ubuntu4.13+esm4

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "16.2"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "manageability sdk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ipados",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "libxml2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "xmlsoft",
            "version": "2.10.3"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.7.2"
          },
          {
            "_id": null,
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "snapmanager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "171043"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-40303",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-40303",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-40303",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-40303",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. It is written in C language and can be called by many languages, such as C language, C++, XSH. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.2 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-1056 - DPA fails validation if multiple BSLs have the same provider\nOADP-1150 - Handle docker env config changes in the oadp-operator\nOADP-1217 - update velero + restic to 1.9.5\nOADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed\nOADP-1289 - Restore partially fails with error \"Secrets \\\"deployer-token-rrjqx\\\" not found\"\nOADP-290 - Remove creation/usage of velero-privileged SCC\n\n6. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified\n2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: libxml2 security update\nAdvisory ID:       RHSA-2023:0338-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0338\nIssue date:        2023-01-23\nCVE Names:         CVE-2022-40303 CVE-2022-40304\n====================================================================\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-devel-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-devel-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\nlibxml2-devel-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-devel-2.9.13-3.el9_1.i686.rpm\nlibxml2-devel-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nlibxml2-2.9.13-3.el9_1.src.rpm\n\naarch64:\nlibxml2-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-2.9.13-3.el9_1.aarch64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.aarch64.rpm\n\nppc64le:\nlibxml2-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-2.9.13-3.el9_1.ppc64le.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-2.9.13-3.el9_1.s390x.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.s390x.rpm\n\nx86_64:\nlibxml2-2.9.13-3.el9_1.i686.rpm\nlibxml2-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\nlibxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.i686.rpm\nlibxml2-debugsource-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-2.9.13-3.el9_1.x86_64.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.i686.rpm\npython3-libxml2-debuginfo-2.9.13-3.el9_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-40303\nhttps://access.redhat.com/security/cve/CVE-2022-40304\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-7 tvOS 16.2\n\ntvOS 16.2 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213535. \n\nAccounts\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42843: Mickey Jin (@patch1t)\n\nAppleAVD\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Parsing a maliciously crafted video file may lead to kernel\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46694: Andrey Labunets and Nikita Tarakanov\n\nAppleMobileFileIntegrity\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-42865: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nAVEVideoEncoder\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42848: ABC Research s.r.o\n\nImageIO\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46693: Mickey Jin (@patch1t)\n\nImageIO\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Parsing a maliciously crafted TIFF file may lead to\ndisclosure of user information\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42851: Mickey Jin (@patch1t)\n\nIOHIDFamily\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nIOMobileFrameBuffer\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46690: John Aakerblom (@jaakerblom)\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Connecting to a malicious NFS server may lead to arbitrary\ncode execution with kernel privileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-46701: Felix Poulin-Belanger\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nlibxml2\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2022-40303: Maddie Stone of Google Project Zero\n\nlibxml2\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project\nZero\n\nPreferences\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to use arbitrary entitlements\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42855: Ivan Fratric of Google Project Zero\n\nSafari\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed with improved input validation. \nCVE-2022-46695: KirtiKumar Anandrao Ramchandani\n\nSoftware Update\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: A user may be able to elevate privileges\nDescription: An access issue existed with privileged API calls. This\nissue was addressed with additional restrictions. \nCVE-2022-42849: Mickey Jin (@patch1t)\n\nWeather\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: An app may be able to read sensitive location information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-42866: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 245521\nCVE-2022-42867: Maddie Stone of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 245466\nCVE-2022-46691: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may bypass Same\nOrigin Policy\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 246783\nCVE-2022-46692: KirtiKumar Anandrao Ramchandani\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42852: hazbinhotel working with Trend Micro Zero Day\nInitiative\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 246942\nCVE-2022-46696: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 247562\nCVE-2022-46700: Samuel Gro\u00df of Google V8 Security\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 247420\nCVE-2022-46699: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 244622\nCVE-2022-42863: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K, Apple TV 4K (2nd generation and later),\nand Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited against versions of iOS released\nbefore iOS 15.1. \nDescription: A type confusion issue was addressed with improved state\nhandling. \nWebKit Bugzilla: 248266\nCVE-2022-42856: Cl\u00e9ment Lecigne of Google\u0027s Threat Analysis Group\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Zweig of Kunlun Lab for their\nassistance. \n\nSafari Extensions\nWe would like to acknowledge Oliver Dunk and Christian R. of\n1Password for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher and scarlet for\ntheir assistance. \n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting \"Settings -\u003e\nSystem -\u003e Software Update -\u003e Update Software.\"  To check the current\nversion of software, select \"Settings -\u003e General -\u003e About.\"\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFX4ACgkQ4RjMIDke\nNxkItA/+LIwJ66Odl7Uwp1N/qek5Z/TBuPKlbgTwRZGT3LBVMVmyHTBzebA88aNq\nPae1RKQ2Txw4w9Tb7a08eeqRQD51MBoSjTxf23tO1o0B1UR3Hgq3gsOSjh/dTq9V\nJvy4DpO15xdVHP3BH/li114JpgR+FoD5Du0rPffL01p6YtqeWMSvnRoCmwNcIqou\ni2ZObfdrL2WJ+IiDIlMoJ3v+B1tDxOWR6Mn37iRdzl+QgrQMQtP9pSsiAPCntA+y\neFM5Hp0JlOMtCfA+xT+LRoZHCbjTCFMRlRbNffGvrNwwdTY4MXrSYlKcIo3yFT2m\nKSHrQNvqzWhmSLAcHlUNo0lVvtPAlrgyilCYaeRNgRC1+x8KRf/AcErXr23oKknJ\nlzIF6eVk1K3mxUmR+M+P8+cr14pbrUwJcQlm0In6/8fUulHtcElLE3fJ+HJVImx8\nRtvNmuCng5iEK1zlwgDvAKO3EgMrMtduF8aygaCcBmt65GMkHwvOGCDXcIrKfH9U\nsP4eY7V3t4CQd9TX3Vlmt47MwRTSVuUtMcQeQPhEUTdUbM7UlvtW8igrLvkz9uPn\nCpuE2mzhd/dJANXvMFBR9A0ilAdJO1QD/uSWL+UbKq4BlyiW5etd8gObQfHqqW3C\nsh0EwxLh4ATicRS9btAJMwIfK/ulYDWp4yuIsUamDj/sN9xWvXY=\n=i2O9\n-----END PGP SIGNATURE-----\n\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents\n2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets\n\n5. ==========================================================================\nUbuntu Security Notice USN-5760-2\nDecember 05, 2022\n\nlibxml2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in libxml2. This update provides the\ncorresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n  It was discovered that libxml2 incorrectly handled certain XML files. \n  An attacker could possibly use this issue to expose sensitive information\n  or cause a crash. \n  An attacker could possibly use this issue to execute arbitrary code. \n  (CVE-2022-40304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n   libxml2                         2.9.3+dfsg1-1ubuntu0.7+esm4\n   libxml2-utils                   2.9.3+dfsg1-1ubuntu0.7+esm4\n\nUbuntu 14.04 ESM:\n   libxml2                         2.9.1+dfsg1-3ubuntu4.13+esm4\n   libxml2-utils                   2.9.1+dfsg1-3ubuntu4.13+esm4\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          },
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40303"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170317"
          },
          {
            "db": "PACKETSTORM",
            "id": "171043"
          },
          {
            "db": "PACKETSTORM",
            "id": "170097"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-429429",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-40303",
            "trust": 2.0
          },
          {
            "db": "PACKETSTORM",
            "id": "170317",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170753",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "171043",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170752",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170097",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170754",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170316",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169857",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171016",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170318",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169825",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170555",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171173",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169620",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170899",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170096",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170312",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170955",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169858",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169732",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171042",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171017",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170315",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171040",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171260",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1031",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-429429",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40303",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "171310",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170668",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40303"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170317"
          },
          {
            "db": "PACKETSTORM",
            "id": "171043"
          },
          {
            "db": "PACKETSTORM",
            "id": "170097"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "id": "VAR-202210-0997",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T22:15:13.442000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2022-40303: Integer overflows with XML_PARSE_HUGE",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5e77d7ff7e5e68d6c261fad482d55aba"
          },
          {
            "title": "Red Hat: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-40303"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213531"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213533"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213534"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213535"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213536"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/21"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/24"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/25"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/26"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/dec/27"
          },
          {
            "trust": 1.1,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"
          },
          {
            "trust": 1.1,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/tags/v2.10.3"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2022-40303"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40304"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40303"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2022-40304"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-43680"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42011"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-35737"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-46848"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46848"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42010"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-42012"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42012"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2023-22482"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22482"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35737"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42010"
          },
          {
            "trust": 0.3,
            "url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42011"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-47629"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-3821"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3821"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-46285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2953"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-48303"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2879"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2880"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2869"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4415"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2058"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25310"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42898"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25309"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:1174"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4883"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-44617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41715"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27406"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2056"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2868"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1122"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1122"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22624"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2867"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30293"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2519"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2057"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25308"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0468"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0466"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0467"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-22736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-22736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42849"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42855"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42865"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42851"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42843"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42856"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42864"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213535."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4238"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3064"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23947"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23521"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3064"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23947"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:0803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41903"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5760-2"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5760-1"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-429429"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40303"
          },
          {
            "db": "PACKETSTORM",
            "id": "171310"
          },
          {
            "db": "PACKETSTORM",
            "id": "170754"
          },
          {
            "db": "PACKETSTORM",
            "id": "170753"
          },
          {
            "db": "PACKETSTORM",
            "id": "170752"
          },
          {
            "db": "PACKETSTORM",
            "id": "170668"
          },
          {
            "db": "PACKETSTORM",
            "id": "170317"
          },
          {
            "db": "PACKETSTORM",
            "id": "171043"
          },
          {
            "db": "PACKETSTORM",
            "id": "170097"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40303"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-429429",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-40303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "171310",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170754",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170753",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170752",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170668",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170317",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "171043",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170097",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-40303",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-11-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-429429",
            "ident": null
          },
          {
            "date": "2023-03-09T15:14:10",
            "db": "PACKETSTORM",
            "id": "171310",
            "ident": null
          },
          {
            "date": "2023-01-26T15:35:03",
            "db": "PACKETSTORM",
            "id": "170754",
            "ident": null
          },
          {
            "date": "2023-01-26T15:34:56",
            "db": "PACKETSTORM",
            "id": "170753",
            "ident": null
          },
          {
            "date": "2023-01-26T15:34:49",
            "db": "PACKETSTORM",
            "id": "170752",
            "ident": null
          },
          {
            "date": "2023-01-24T16:30:22",
            "db": "PACKETSTORM",
            "id": "170668",
            "ident": null
          },
          {
            "date": "2022-12-22T02:12:53",
            "db": "PACKETSTORM",
            "id": "170317",
            "ident": null
          },
          {
            "date": "2023-02-17T16:07:29",
            "db": "PACKETSTORM",
            "id": "171043",
            "ident": null
          },
          {
            "date": "2022-12-05T15:18:44",
            "db": "PACKETSTORM",
            "id": "170097",
            "ident": null
          },
          {
            "date": "2022-11-23T00:15:11.007000",
            "db": "NVD",
            "id": "CVE-2022-40303",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-429429",
            "ident": null
          },
          {
            "date": "2025-04-29T05:15:43.693000",
            "db": "NVD",
            "id": "CVE-2022-40303",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Red Hat Security Advisory 2023-1174-01",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "171310"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "bypass",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "170752"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201912-1044

    Vulnerability from variot - Updated: 2026-04-10 21:48

    xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.

    These updated images include numerous security fixes, bug fixes, and enhancements. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================

    1. Summary:

    Red Hat OpenShift Container Platform release 4.7.0 is now available.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2020:5634

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64

    The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x

    The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le

    The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6

    All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

    Security Fix(es):

    • crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)

    • golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    • nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

    • kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)

    • containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)

    • heketi: gluster-block volume password details available in logs (CVE-2020-10763)

    • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

    • jwt-go: access restriction bypass vulnerability (CVE-2020-26160)

    • golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)

    • golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - --to option does not work with --credentials-requests flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the create api help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - oc api-resources does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in oc explain 1880787 - No description for Provisioning CRD for oc explain 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - oc explain localvolumediscovery returns empty description 1887751 - oc explain localvolumediscoveryresult returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]:make checkbroken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove &apos; from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 -oc adm release mirrorpanic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 -Active alertssection throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describingignore-volume-azis incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Showkubectl diff command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in theoc rollback -hhelp page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port infrom dockerfileflow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information foroc new-project --skip-config-writeis wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources showsundefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

    This advisory provides the following updates among others:

    • Enhances profile parsing time.
    • Fixes excessive resource consumption from the Operator.
    • Fixes default content image.
    • Fixes outdated remediation handling. Bugs fixed (https://bugzilla.redhat.com/):

    1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/):

    1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

    1. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):

    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from oc explain 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Description:

    Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Solution:

    Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):

    1832983 - Release of 1.1.3 odo-init-image

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "_id": null,
            "model": "libxml2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "xmlsoft",
            "version": "2.9.10"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.10"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "real user experience insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.3.1.0"
          },
          {
            "_id": null,
            "model": "steelstore cloud integrated storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "_id": null,
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "manageability software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "160624"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "161727"
          },
          {
            "db": "PACKETSTORM",
            "id": "161429"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "161742"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2019-19956",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-19956",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-19956",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-19956",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2019-19956",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201912-1088",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-19956",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-19956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-\u003eoldNs. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nThese updated images include numerous security fixes, bug fixes, and\nenhancements. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume\n1813506 - Dockerfile not  compatible with docker and buildah\n1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup\n1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement\n1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance\n1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)\n1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. \n1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default\n1842254 - [NooBaa] Compression stats do not add up when compression id disabled\n1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster\n1849771 - [RFE] Account created by OBC should have same permissions as bucket owner\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot\n1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume\n1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount\n1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)\n1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips \"b\" and \"c\" (spawned from Bug 1840084#c14)\n1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage\n1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards\n1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found\n1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining\n1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script\n1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH  while running couple of OCS test cases. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:5633-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:5633\nIssue date:        2021-02-24\nCVE Names:         CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n                   CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n                   CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n                   CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n                   CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n                   CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n                   CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n                   CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n                   CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n                   CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n                   CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n                   CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n                   CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n                   CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n                   CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n                   CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n                   CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n                   CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n                   CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n                   CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n                   CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n                   CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n                   CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n                   CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n                   CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n                   CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n                   CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n                   CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n                   CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n                   CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n                   CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n                   CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n                   CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n                   CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n                   CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n                   CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n                   CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n                   CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n                   CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n                   CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n                   CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n                   CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n                   CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n                   CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n                   CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n                   CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n                   CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n                   CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n                   CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n                   CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n                   CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n                   CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n                   CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n                   CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n                   CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n                   CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n                   CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n                   CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n                   CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n                   CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should  Not be empty  in VM  disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on  , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on  250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run  [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error :  the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar  when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress:  Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress:  Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6:  Topology Manager OpenShift E2E test fails:  gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress:  Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into  install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection  is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\"  \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe  Translation of  \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service  with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file  via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with  --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in  CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]:  Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent  command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode  on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs.  RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel]  timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project  --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027  to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation]  fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents  do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. \n\nThis advisory provides the following updates among others:\n\n* Enhances profile parsing time. \n* Fixes excessive resource consumption from the Operator. \n* Fixes default content image. \n* Fixes outdated remediation handling. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918990 - ComplianceSuite scans use quay content image for initContainer\n1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present\n1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules\n1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions  in cabundle of mutatingwebhookconfiguration\n1848956 - KMP  requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2  common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged  SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent  expose link-local ipv6 address  for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Description:\n\nRed Hat OpenShift Do (odo) is a simple CLI tool for developers to create,\nbuild, and deploy applications on OpenShift. The odo tool is completely\nclient-based and requires no server within the OpenShift cluster for\ndeployment. It detects changes to local code and deploys it to the cluster\nautomatically, giving instant feedback to validate changes in real-time. It\nsupports multiple programming languages and frameworks. Solution:\n\nDownload and install a new CLI binary by following the instructions linked\nfrom the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1832983 - Release of 1.1.3 odo-init-image\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19956"
          },
          {
            "db": "PACKETSTORM",
            "id": "160624"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "161727"
          },
          {
            "db": "PACKETSTORM",
            "id": "161429"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "161742"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-19956",
            "trust": 2.5
          },
          {
            "db": "SIEMENS",
            "id": "SSA-292794",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-103-08",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161429",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "161916",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0584",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1207",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3535",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2604",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1744",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4513",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1242",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1727",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4058",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1826",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2162",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3364",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0234",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3631",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2475",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0864",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0471",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0845",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0025",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3868",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0986",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3550",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0691",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3102",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0319",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1193",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0171",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0099",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "160889",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "159851",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "160961",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "159553",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "159661",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "159349",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "161536",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "156276",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158168",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "160125",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "162694",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041514",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052216",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072097",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111735",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-19956",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "160624",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161546",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161742",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-19956"
          },
          {
            "db": "PACKETSTORM",
            "id": "160624"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "161727"
          },
          {
            "db": "PACKETSTORM",
            "id": "161429"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "161742"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          }
        ]
      },
      "id": "VAR-201912-1044",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6003805
      },
      "last_update_date": "2026-04-10T21:48:40.454000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libxml2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=106417"
          },
          {
            "title": "Red Hat: Moderate: libxml2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204479 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: libxml2 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203996 - Security Advisory"
          },
          {
            "title": "Ubuntu Security Notice: libxml2 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4274-1"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202646 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202644 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2020-1438",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1438"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2020-1534",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1534"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0d160980ab72db34060d62c89304b6f2"
          },
          {
            "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.11.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205149 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.12.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210146 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210190 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210050 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210436 - Security Advisory"
          },
          {
            "title": "IBM: Security Bulletin:  IBM Security Guardium is affected by multiple vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3201548b0e11fd3ecd83fd36fc045a8e"
          },
          {
            "title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205605 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-19956"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-772",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-401",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://usn.ubuntu.com/4274-1/"
          },
          {
            "trust": 2.3,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
          },
          {
            "trust": 1.7,
            "url": "https://gitlab.gnome.org/gnome/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20200114-0002/"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-19956"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/"
          },
          {
            "trust": 1.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-20907"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-20388"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-7595"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2020-8177"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2020-1971"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/"
          },
          {
            "trust": 0.6,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/"
          },
          {
            "trust": 0.6,
            "url": "https://www.debian.org/lts/security/2019/dla-2048"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161536/red-hat-security-advisory-2020-5635-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6455281"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052216"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2162/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1727"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-libxml2-vulnerabilities-cve-2019-19956-cve-2019-20388-cve-2020-7595/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161429/red-hat-security-advisory-2021-0436-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0171/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520474"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0025/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162694/red-hat-security-advisory-2021-2021-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160889/red-hat-security-advisory-2021-0050-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160125/red-hat-security-advisory-2020-5149-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3868/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1744"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072097"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158168/red-hat-security-advisory-2020-2646-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111735"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2475/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0471/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0234/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libxml2-memory-leak-via-xmlparsebalancedchunkmemoryrecover-31236"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159349/red-hat-security-advisory-2020-3996-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159851/red-hat-security-advisory-2020-4479-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/156276/ubuntu-security-notice-usn-4274-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1242"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041514"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1826/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3102/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3550"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3364/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-14422"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-6829"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-12403"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-12400"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9925"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9802"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9895"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8625"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-15165"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-14382"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8812"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3899"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8819"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3867"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8720"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9893"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-19221"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8808"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3902"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-18197"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-1751"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3900"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9805"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8820"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9807"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8769"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8710"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8813"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9850"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8811"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-16168"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9803"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9862"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9327"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3885"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-15503"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-16935"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20916"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5018"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-10018"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8835"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8764"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8844"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3865"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-1730"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3864"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-19906"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20387"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-14391"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3862"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3901"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8823"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-1752"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3895"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-8492"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-11793"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20454"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9894"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8816"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9843"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-13627"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-6405"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8771"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3897"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9806"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8814"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14889"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8743"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-9915"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8815"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-13632"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-10029"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8783"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20807"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-13630"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-14040"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11068"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-13631"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8766"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8846"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3868"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-3894"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-8782"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12401"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12243"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17498"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12402"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16300"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-10105"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-15166"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16230"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16229"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14882"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16227"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14461"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14464"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14469"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14880"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14468"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14466"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14467"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14462"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14881"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16451"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-10103"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16228"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14463"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14879"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14470"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-14465"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-16452"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24659"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-15999"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-5188"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-5094"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-1551"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14019"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8624"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25684"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-26160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8623"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25683"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25211"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29652"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17450"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20386"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25682"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17546"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8622"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25685"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25686"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25687"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25681"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8619"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-27813"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12723"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3156"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25705"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-29661"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14351"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-9283"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/401.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4479"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18609"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:5605"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25660"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885700]"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8237"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19770"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11668"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25662"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24490"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-2007"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19072"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8649"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12655"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9458"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13249"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27846"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20636"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18808"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18809"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20054"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12826"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19602"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25661"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25641"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-6977"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8647"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15917"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16166"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10774"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7774"
          },
          {
            "trust": 0.1,
            "url": "https://\u0027"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0305"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:5633"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15157"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-6978"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0444"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16233"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25694"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-14553"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2752"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3884"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10763"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10942"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19062"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19046"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12465"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19447"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14381"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19056"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12770"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19767"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19533"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19537"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-2922"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-16167"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9455"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11565"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19332"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19063"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19319"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8563"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10732"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:5634"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20253"
          },
          {
            "trust": 0.1,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11023"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-5766"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20372"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11022"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35678"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0436"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1079"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-12652"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14973"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-5313"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19126"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28374"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20265"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7053"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20206"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12321"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14559"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0799"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0949"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-19956"
          },
          {
            "db": "PACKETSTORM",
            "id": "160624"
          },
          {
            "db": "PACKETSTORM",
            "id": "161546"
          },
          {
            "db": "PACKETSTORM",
            "id": "161727"
          },
          {
            "db": "PACKETSTORM",
            "id": "161429"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "161742"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19956"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2019-19956",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "160624",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161546",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161727",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161429",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161742",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161916",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2019-19956",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2019-12-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19956",
            "ident": null
          },
          {
            "date": "2020-12-18T19:14:41",
            "db": "PACKETSTORM",
            "id": "160624",
            "ident": null
          },
          {
            "date": "2021-02-25T15:29:25",
            "db": "PACKETSTORM",
            "id": "161546",
            "ident": null
          },
          {
            "date": "2021-03-09T16:25:11",
            "db": "PACKETSTORM",
            "id": "161727",
            "ident": null
          },
          {
            "date": "2021-02-16T15:44:48",
            "db": "PACKETSTORM",
            "id": "161429",
            "ident": null
          },
          {
            "date": "2021-04-09T15:06:13",
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "date": "2021-04-08T14:00:00",
            "db": "PACKETSTORM",
            "id": "162130",
            "ident": null
          },
          {
            "date": "2021-03-10T16:02:43",
            "db": "PACKETSTORM",
            "id": "161742",
            "ident": null
          },
          {
            "date": "2021-03-22T15:36:55",
            "db": "PACKETSTORM",
            "id": "161916",
            "ident": null
          },
          {
            "date": "2019-12-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-1088",
            "ident": null
          },
          {
            "date": "2019-12-24T16:15:11.450000",
            "db": "NVD",
            "id": "CVE-2019-19956",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-19956",
            "ident": null
          },
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201912-1088",
            "ident": null
          },
          {
            "date": "2025-12-03T19:15:50.247000",
            "db": "NVD",
            "id": "CVE-2019-19956",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "160624"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "libxml2 Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201912-1088"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1804

    Vulnerability from variot - Updated: 2026-04-10 21:46

    A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API.

    Apache HTTP Server has a denial of service vulnerability in versions 2.4.30 to 2.4.48, which is caused by the network system or product not properly validating the input data. An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.

    For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.

    For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

    • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

    • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

    • httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

    • httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)

    • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    • httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)

    • httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)

    • expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)

    • expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)

    • expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)

    • expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)

    • expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)

    • expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)

    • expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)

    • expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)

    • expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)

    • expat: stack exhaustion in doctype parsing (CVE-2022-25313)

    • expat: integer overflow in copyString() (CVE-2022-25314)

    • expat: integer overflow in the doProlog function (CVE-2022-23990)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20


                                           https://security.gentoo.org/
    

    Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20


    Synopsis

    Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54

    Description

    Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

    All Apache HTTPD tools users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

    References

    [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202208-20

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

    Original advisory details:

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3

    Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6

    Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.2"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.49"
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.5.0.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "brocade fabric operating system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "broadcom",
            "version": null
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.30"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.4.30,\u003c=2.4.48"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ubuntu",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2021-36160",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-36160",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-03205",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-397448",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-36160",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-36160",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-03205",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1113",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-397448",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-36160",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API. \n\r\n\r\nApache HTTP Server has a denial of service vulnerability in versions 2.4.30 to 2.4.48, which is caused by the network system or product not properly validating the input data. An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update\nAdvisory ID:       RHSA-2022:7143-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7143\nIssue date:        2022-10-26\nCVE Names:         CVE-2021-33193 CVE-2021-36160 CVE-2021-39275\n                   CVE-2021-41524 CVE-2021-44224 CVE-2021-45960\n                   CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827 CVE-2022-23852 CVE-2022-23990\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request\nprocessing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash\nlibexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c\n(CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat\n2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c\n2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c\n2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c\n2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c\n2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c\n2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c\n2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c\n2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer\n2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function\n2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing\n2056354 - CVE-2022-25314 expat: integer overflow in copyString()\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-41524\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR\nV1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls\nj7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP\nJVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe\np7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc\nM+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM\n+OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv\nuA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds\nRMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY\nFmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou\nBtep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx\nm+Yms1hf0io=Dgle\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-admin/apache-tools     \u003c 2.4.54                    \u003e= 2.4.54\n  2  www-servers/apache         \u003c 2.4.54                    \u003e= 2.4.54\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n  Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n  It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  apache2                         2.4.46-4ubuntu1.3\n  apache2-bin                     2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n  apache2                         2.4.41-4ubuntu3.6\n  apache2-bin                     2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n  apache2                         2.4.29-1ubuntu4.18\n  apache2-bin                     2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-36160",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167073",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012041",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051150",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092301",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101101",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091707",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101513",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3357",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3387",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.7",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3591",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3248",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3489",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4004.5",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3148",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          }
        ]
      },
      "id": "VAR-202109-1804",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          }
        ]
      },
      "last_update_date": "2026-04-10T21:46:55.194000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Patch for Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/313441"
          },
          {
            "title": "Apache HTTP Server Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=163990"
          },
          {
            "title": "Red Hat: Moderate: httpd:2.4 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221915 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2021-36160",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-36160"
          },
          {
            "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
          },
          {
            "title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-36160 log"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2021-1543",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1716",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/PierreChrd/py-projet-tut "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-125",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/202208-20"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2021/dsa-4982"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html"
          },
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 1.2,
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 0.6,
            "url": "http://"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs."
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3248"
          },
          {
            "trust": 0.6,
            "url": "httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051150"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3489"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012041"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5090-1"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/125.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/xxxxxx"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-4"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1945311"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-397448"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-397448",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-36160",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-36160",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03205",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-397448",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36160",
            "ident": null
          },
          {
            "date": "2021-10-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-08-15T16:02:48",
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "date": "2021-09-28T15:06:35",
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "date": "2021-09-29T14:50:01",
            "db": "PACKETSTORM",
            "id": "164329",
            "ident": null
          },
          {
            "date": "2021-09-28T15:23:06",
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1113",
            "ident": null
          },
          {
            "date": "2021-09-16T15:15:07.330000",
            "db": "NVD",
            "id": "CVE-2021-36160",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03205",
            "ident": null
          },
          {
            "date": "2022-10-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-397448",
            "ident": null
          },
          {
            "date": "2022-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-36160",
            "ident": null
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1113",
            "ident": null
          },
          {
            "date": "2025-05-01T15:40:05.120000",
            "db": "NVD",
            "id": "CVE-2021-36160",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164329"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03205"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1113"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202208-2263

    Vulnerability from variot - Updated: 2026-03-09 23:13

    When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. A security vulnerability exists in curl versions 4.9 through 7.84. ========================================================================== Ubuntu Security Notice USN-5587-1 September 01, 2022

    curl vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 22.04 LTS
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS
    • Ubuntu 16.04 ESM
    • Ubuntu 14.04 ESM

    Summary:

    curl could be denied access to a HTTP(S) content if it recieved a specially crafted cookie.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.4 libcurl3-gnutls 7.81.0-1ubuntu1.4 libcurl3-nss 7.81.0-1ubuntu1.4 libcurl4 7.81.0-1ubuntu1.4

    Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.13 libcurl3-gnutls 7.68.0-1ubuntu2.13 libcurl3-nss 7.68.0-1ubuntu2.13 libcurl4 7.68.0-1ubuntu2.13

    Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.20 libcurl3-gnutls 7.58.0-2ubuntu3.20 libcurl3-nss 7.58.0-2ubuntu3.20 libcurl4 7.58.0-2ubuntu3.20

    Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm5 libcurl3 7.47.0-1ubuntu2.19+esm5 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm5 libcurl3-nss 7.47.0-1ubuntu2.19+esm5

    Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm12 libcurl3 7.35.0-1ubuntu2.20+esm12 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm12 libcurl3-nss 7.35.0-1ubuntu2.20+esm12

    In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01


                                           https://security.gentoo.org/
    

    Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/curl < 7.86.0 >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3

    macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604.

    AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)

    curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260

    curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252

    dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos

    DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)

    DriverKit Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)

    Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher

    Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM

    Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)

    PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)

    Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)

    Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher

    WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

    Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)

    Additional recognition

    Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.

    macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    The following advisory data is extracted from:

    https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json

    Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Summary:

    Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General Availability release images, which fix security issues and update container images. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.

    This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

    Security Fix(es): * CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation

    1. Solution:

    For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Low: curl security update Advisory ID: RHSA-2023:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2478 Issue date: 2023-05-09 CVE Names: CVE-2022-35252 CVE-2022-43552 ==================================================================== 1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 9.

    Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)

    • curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response

    1. Package List:

    Red Hat Enterprise Linux AppStream (v. 9):

    aarch64: curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-devel-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm

    ppc64le: curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-devel-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm

    s390x: curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-devel-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm

    x86_64: curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-devel-7.76.1-23.el9.i686.rpm libcurl-devel-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm

    Red Hat Enterprise Linux BaseOS (v. 9):

    Source: curl-7.76.1-23.el9.src.rpm

    aarch64: curl-7.76.1-23.el9.aarch64.rpm curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-minimal-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm

    ppc64le: curl-7.76.1-23.el9.ppc64le.rpm curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm

    s390x: curl-7.76.1-23.el9.s390x.rpm curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-minimal-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm

    x86_64: curl-7.76.1-23.el9.x86_64.rpm curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-7.76.1-23.el9.i686.rpm libcurl-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-minimal-7.76.1-23.el9.i686.rpm libcurl-minimal-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx nN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB oxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su xFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh L1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy C6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL mGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB 27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT D75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17 r2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ /iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88 Yxf4bV/uBmU=HlZ2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

    VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.

    For more information about VolSync, see:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync

    or the VolSync open source community website at: https://volsync.readthedocs.io/en/stable/.

    Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.6.3"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.85.0"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "element software",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.0.0"
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.7.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "176746"
          },
          {
            "db": "PACKETSTORM",
            "id": "172378"
          },
          {
            "db": "PACKETSTORM",
            "id": "172587"
          },
          {
            "db": "PACKETSTORM",
            "id": "172195"
          },
          {
            "db": "PACKETSTORM",
            "id": "174080"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2022-35252",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-35252",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-35252",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-35252",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202208-4523",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings. A security vulnerability exists in curl versions 4.9 through 7.84. ==========================================================================\nUbuntu Security Notice USN-5587-1\nSeptember 01, 2022\n\ncurl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\ncurl could be denied access to a HTTP(S) content if it recieved\na specially crafted cookie. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nAxel Chong discovered that when curl accepted and sent back\ncookies containing control bytes that a HTTP(S) server might\nreturn a 400 (Bad Request Error) response. A malicious cookie\nhost could possibly use this to cause denial-of-service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\ncurl 7.81.0-1ubuntu1.4\nlibcurl3-gnutls 7.81.0-1ubuntu1.4\nlibcurl3-nss 7.81.0-1ubuntu1.4\nlibcurl4 7.81.0-1ubuntu1.4\n\nUbuntu 20.04 LTS:\ncurl 7.68.0-1ubuntu2.13\nlibcurl3-gnutls 7.68.0-1ubuntu2.13\nlibcurl3-nss 7.68.0-1ubuntu2.13\nlibcurl4 7.68.0-1ubuntu2.13\n\nUbuntu 18.04 LTS:\ncurl 7.58.0-2ubuntu3.20\nlibcurl3-gnutls 7.58.0-2ubuntu3.20\nlibcurl3-nss 7.58.0-2ubuntu3.20\nlibcurl4 7.58.0-2ubuntu3.20\n\nUbuntu 16.04 ESM:\ncurl 7.47.0-1ubuntu2.19+esm5\nlibcurl3 7.47.0-1ubuntu2.19+esm5\nlibcurl3-gnutls 7.47.0-1ubuntu2.19+esm5\nlibcurl3-nss 7.47.0-1ubuntu2.19+esm5\n\nUbuntu 14.04 ESM:\ncurl 7.35.0-1ubuntu2.20+esm12\nlibcurl3 7.35.0-1ubuntu2.20+esm12\nlibcurl3-gnutls 7.35.0-1ubuntu2.20+esm12\nlibcurl3-nss 7.35.0-1ubuntu2.20+esm12\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-5 macOS Monterey 12.6.3\n\nmacOS Monterey 12.6.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213604. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.85.0. \nCVE-2022-35252\n\ndcerpc\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Monterey\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nScreen Time\nAvailable for: macOS Monterey\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)\n\nWeather\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWindows Installer\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nmacOS Monterey 12.6.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.6 General\nAvailability release images, which fix security issues and update container\nimages. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity Fix(es):\n* CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n* CVE-2023-32314 vm2: Sandbox Escape\n* CVE-2023-32313 vm2: Inspect Manipulation\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation for details on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n2208376 - CVE-2023-32314 vm2: Sandbox Escape\n2208377 - CVE-2023-32313 vm2: Inspect Manipulation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Low: curl security update\nAdvisory ID:       RHSA-2023:2478-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:2478\nIssue date:        2023-05-09\nCVE Names:         CVE-2022-35252 CVE-2022-43552\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Incorrect handling of control code characters in cookies\n(CVE-2022-35252)\n\n* curl: Use-after-free triggered by an HTTP proxy deny response\n(CVE-2022-43552)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-devel-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-devel-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-devel-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-devel-7.76.1-23.el9.i686.rpm\nlibcurl-devel-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-23.el9.src.rpm\n\naarch64:\ncurl-7.76.1-23.el9.aarch64.rpm\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-23.el9.ppc64le.rpm\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-23.el9.s390x.rpm\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-7.76.1-23.el9.x86_64.rpm\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-7.76.1-23.el9.i686.rpm\nlibcurl-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-43552\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx\nnN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB\noxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su\nxFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh\nL1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy\nC6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL\nmGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB\n27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT\nD75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17\nr2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ\n/iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88\nYxf4bV/uBmU=HlZ2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nVolSync is a Kubernetes operator that enables asynchronous replication of\npersistent volumes within a cluster, or across clusters. After deploying\nthe VolSync operator, it can create and maintain copies of your persistent\ndata. \n\nFor more information about VolSync, see:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync\n\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/. \n\nSecurity fix(es): * CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          },
          {
            "db": "VULHUB",
            "id": "VHN-428403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-35252"
          },
          {
            "db": "PACKETSTORM",
            "id": "168239"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170698"
          },
          {
            "db": "PACKETSTORM",
            "id": "176746"
          },
          {
            "db": "PACKETSTORM",
            "id": "172378"
          },
          {
            "db": "PACKETSTORM",
            "id": "172587"
          },
          {
            "db": "PACKETSTORM",
            "id": "172195"
          },
          {
            "db": "PACKETSTORM",
            "id": "174080"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-35252",
            "trust": 2.7
          },
          {
            "db": "HACKERONE",
            "id": "1613943",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168239",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170698",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4343",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.6333",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4375",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.2163",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3143",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3060",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4374",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-428403",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-35252",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "176746",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172378",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172587",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "172195",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "174080",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-35252"
          },
          {
            "db": "PACKETSTORM",
            "id": "168239"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170698"
          },
          {
            "db": "PACKETSTORM",
            "id": "176746"
          },
          {
            "db": "PACKETSTORM",
            "id": "172378"
          },
          {
            "db": "PACKETSTORM",
            "id": "172587"
          },
          {
            "db": "PACKETSTORM",
            "id": "172195"
          },
          {
            "db": "PACKETSTORM",
            "id": "174080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          }
        ]
      },
      "id": "VAR-202208-2263",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428403"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T23:13:33.194000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "curl Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=206230"
          },
          {
            "title": "Debian CVElist Bug Report Logs: curl: CVE-2022-35252: control code in cookie denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f071eb46e3ac96bc3c50d0406c2d0685"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/JtMotoX/docker-trivy "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-35252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213603"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213604"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/20"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2023/jan/21"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1613943"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2022-35252"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3060"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-35252/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213604"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-cookies-control-codes-39156"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168239/ubuntu-security-notice-usn-5587-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4374"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4343"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4375"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2022-43552"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2023-0361"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2023-27535"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-36227"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jtmotox/docker-trivy"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.20"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5587-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.4"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.13"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213604."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23518"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213603."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-23513"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2024:0428"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030"
          },
          {
            "trust": 0.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2963"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41674"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#critical"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-43750"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-4129"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-41218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3239"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26341"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3239"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25815"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42722"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1679"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2663"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3707"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1582"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1462"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-22490"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20141"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-32314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-47929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-39188"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2663"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-32313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1999"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26341"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1789"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3627"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1789"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-20141"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-28856"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23454"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25265"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-39189"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3970"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3028"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3567"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0394"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-0461"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33655"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-25652"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33655"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:3326"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3628"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3564"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-23946"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-42703"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25265"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-3522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-29007"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1462"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1679"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:2478"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://volsync.readthedocs.io/en/stable/."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2023:4576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-38408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-1667"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27535"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-3089"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2023-26604"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36227"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-428403"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-35252"
          },
          {
            "db": "PACKETSTORM",
            "id": "168239"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "170697"
          },
          {
            "db": "PACKETSTORM",
            "id": "170698"
          },
          {
            "db": "PACKETSTORM",
            "id": "176746"
          },
          {
            "db": "PACKETSTORM",
            "id": "172378"
          },
          {
            "db": "PACKETSTORM",
            "id": "172587"
          },
          {
            "db": "PACKETSTORM",
            "id": "172195"
          },
          {
            "db": "PACKETSTORM",
            "id": "174080"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-35252"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-428403",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-35252",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168239",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170698",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "176746",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "172378",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "172587",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "172195",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "174080",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-35252",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-09-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428403",
            "ident": null
          },
          {
            "date": "2022-09-02T15:21:41",
            "db": "PACKETSTORM",
            "id": "168239",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2023-01-24T16:41:07",
            "db": "PACKETSTORM",
            "id": "170697",
            "ident": null
          },
          {
            "date": "2023-01-24T16:41:28",
            "db": "PACKETSTORM",
            "id": "170698",
            "ident": null
          },
          {
            "date": "2024-01-26T15:24:15",
            "db": "PACKETSTORM",
            "id": "176746",
            "ident": null
          },
          {
            "date": "2023-05-16T17:09:54",
            "db": "PACKETSTORM",
            "id": "172378",
            "ident": null
          },
          {
            "date": "2023-05-26T14:34:05",
            "db": "PACKETSTORM",
            "id": "172587",
            "ident": null
          },
          {
            "date": "2023-05-09T15:14:58",
            "db": "PACKETSTORM",
            "id": "172195",
            "ident": null
          },
          {
            "date": "2023-08-09T15:56:32",
            "db": "PACKETSTORM",
            "id": "174080",
            "ident": null
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4523",
            "ident": null
          },
          {
            "date": "2022-09-23T14:15:12.323000",
            "db": "NVD",
            "id": "CVE-2022-35252",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-428403",
            "ident": null
          },
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4523",
            "ident": null
          },
          {
            "date": "2025-05-05T17:18:16.463000",
            "db": "NVD",
            "id": "CVE-2022-35252",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "curl Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1547

    Vulnerability from variot - Updated: 2026-03-09 22:53

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SSH' protocol. The 'SSH' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2 NOTE: This BID is being retired as it is a duplicate of BID 75990 (OpenSSH Login Handling Security Bypass Weakness). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: ntp security update Advisory ID: RHSA-2015:1930-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1930.html Issue date: 2015-10-26 CVE Names: CVE-2015-5300 CVE-2015-7704 =====================================================================

    1. Summary:

    Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

    Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

    It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. (CVE-2015-7704)

    It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value. (CVE-2015-5300)

    Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg of Boston University for reporting these issues.

    All ntp users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet 1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

    i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

    x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

    noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

    x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

    i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

    ppc64: ntp-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm

    s390x: ntp-4.2.6p5-5.el6_7.2.s390x.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntpdate-4.2.6p5-5.el6_7.2.s390x.rpm

    x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 6):

    i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

    noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

    ppc64: ntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm ntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm

    s390x: ntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm ntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm

    x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: ntp-4.2.6p5-5.el6_7.2.src.rpm

    i386: ntp-4.2.6p5-5.el6_7.2.i686.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntpdate-4.2.6p5-5.el6_7.2.i686.rpm

    x86_64: ntp-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 6):

    i386: ntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm ntp-perl-4.2.6p5-5.el6_7.2.i686.rpm

    noarch: ntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm ntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm

    Red Hat Enterprise Linux Client (v. 7):

    Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

    x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

    x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

    ppc64: ntp-4.2.6p5-19.el7_1.3.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm ntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm

    s390x: ntp-4.2.6p5-19.el7_1.3.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm ntpdate-4.2.6p5-19.el7_1.3.s390x.rpm

    x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: ntp-4.2.6p5-19.ael7b_1.3.src.rpm

    ppc64le: ntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm ntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

    ppc64: ntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm sntp-4.2.6p5-19.el7_1.3.ppc64.rpm

    s390x: ntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm sntp-4.2.6p5-19.el7_1.3.s390x.rpm

    x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm ntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm

    ppc64le: ntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm sntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: ntp-4.2.6p5-19.el7_1.3.src.rpm

    x86_64: ntp-4.2.6p5-19.el7_1.3.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm ntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm ntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm sntp-4.2.6p5-19.el7_1.3.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2015-5300 https://access.redhat.com/security/cve/CVE-2015-7704 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFWLpsKXlSAg2UNWIIRAvn5AJ0YbKe9DZYq3JmTarVuEvM3l3fC3gCgmwd8 D1msx7GTmRIz9oZ3uE0m6Io= =mPYp -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .


    Gentoo Linux Security Advisory GLSA 201607-15


                                           https://security.gentoo.org/
    

    Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15


    Synopsis

    Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8

    Description

    Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All NTP users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

    References

    [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201607-15

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    .

    Release Date: 2016-09-21 Last Updated: 2016-09-21

    Potential Security Impact: Multiple Remote Vulnerabilities

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.

    References:

    • CVE-2015-7704
    • CVE-2015-7705
    • CVE-2015-7855
    • CVE-2015-7871
    • PSRT110228
    • SSRT102943

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2015-7704
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7705
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7855
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7871
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.

    COMWARE 7 Products

    • 12500 (Comware 7) - Version: R7377
      • HP Network Products
      • JC072B HP 12500 Main Processing Unit
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
      • JG497A HP 12500 MPU w/Comware V7 OS
      • JG782A HP FF 12508E AC Switch Chassis
      • JG783A HP FF 12508E DC Switch Chassis
      • JG784A HP FF 12518E AC Switch Chassis
      • JG785A HP FF 12518E DC Switch Chassis
      • JG802A HP FF 12500E MPU
    • 10500 (Comware 7) - Version: R7178
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC748A HP 10512 Switch Chassis
      • JG608A HP FlexFabric 11908-V Switch Chassis
      • JG609A HP FlexFabric 11900 Main Processing Unit
      • JG820A HP 10504 TAA Switch Chassis
      • JG821A HP 10508 TAA Switch Chassis
      • JG822A HP 10508-V TAA Switch Chassis
      • JG823A HP 10512 TAA Switch Chassis
      • JG496A HP 10500 Type A MPU w/Comware v7 OS
      • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
      • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • 12900 (Comware 7) - Version: R1138P03
      • HP Network Products
      • JG619A HP FlexFabric 12910 Switch AC Chassis
      • JG621A HP FlexFabric 12910 Main Processing Unit
      • JG632A HP FlexFabric 12916 Switch AC Chassis
      • JG634A HP FlexFabric 12916 Main Processing Unit
      • JH104A HP FlexFabric 12900E Main Processing Unit
      • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      • JH263A HP FlexFabric 12904E Main Processing Unit
      • JH255A HP FlexFabric 12908E Switch Chassis
      • JH262A HP FlexFabric 12904E Switch Chassis
      • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      • JH103A HP FlexFabric 12916E Switch Chassis
    • 5900 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JC772A HP 5900AF-48XG-4QSFP+ Switch
      • JG296A HP 5920AF-24XG Switch
      • JG336A HP 5900AF-48XGT-4QSFP+ Switch
      • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      • JG555A HP 5920AF-24XG TAA Switch
      • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • MSR1000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG875A HP MSR1002-4 AC Router
      • JH060A HP MSR1003-8S AC Router
    • MSR2000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG411A HP MSR2003 AC Router
      • JG734A HP MSR2004-24 AC Router
      • JG735A HP MSR2004-48 Router
      • JG866A HP MSR2003 TAA-compliant AC Router
    • MSR3000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG404A HP MSR3064 Router
      • JG405A HP MSR3044 Router
      • JG406A HP MSR3024 AC Router
      • JG407A HP MSR3024 DC Router
      • JG408A HP MSR3024 PoE Router
      • JG409A HP MSR3012 AC Router
      • JG410A HP MSR3012 DC Router
      • JG861A HP MSR3024 TAA-compliant AC Router
    • MSR4000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG402A HP MSR4080 Router Chassis
      • JG403A HP MSR4060 Router Chassis
      • JG412A HP MSR4000 MPU-100 Main Processing Unit
      • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • VSR (Comware 7) - Version: E0322
      • HP Network Products
      • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • 7900 (Comware 7) - Version: R2138P03
      • HP Network Products
      • JG682A HP FlexFabric 7904 Switch Chassis
      • JG841A HP FlexFabric 7910 Switch Chassis
      • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • 5130 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG932A HP 5130-24G-4SFP+ EI Switch
      • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      • JG934A HP 5130-48G-4SFP+ EI Switch
      • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • 5700 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • 5930 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG726A HP FlexFabric 5930 32QSFP+ Switch
      • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      • JH179A HP FlexFabric 5930 4-slot Switch
      • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • HSR6600 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
    • HSR6800 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
      • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
    • 1950 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG960A HP 1950-24G-4XG Switch
      • JG961A HP 1950-48G-2SFP+-2XGT Switch
      • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • 7500 (Comware 7) - Version: R7178
      • HP Network Products
      • JD238C HP 7510 Switch Chassis
      • JD239C HP 7506 Switch Chassis
      • JD240C HP 7503 Switch Chassis
      • JD242C HP 7502 Switch Chassis
      • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
      • JH208A HP 7502 Main Processing Unit
      • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • 5130HI - Version: R1118P02
      • HP Network Products
      • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
      • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
      • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
      • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • 5510HI - Version: R1118P02
      • HP Network Products
      • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
      • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
      • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
      • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
      • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch

    Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

    HISTORY Version:1 (rev.1) - 21 September 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz

    Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz

    Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz

    Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz

    Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz

    Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz

    Then, restart the NTP daemon:

    sh /etc/rc.d/rc.ntpd restart

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 6.6) - i386, noarch, ppc64, s390x, x86_64

    1. ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015

    ntp vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 15.10
    • Ubuntu 15.04
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in NTP. (CVE-2015-5146)

    Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)

    Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)

    Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

    It was discovered that NTP incorrectly handled memory when processing certain autokey messages. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705)

    Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)

    Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)

    Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)

    John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)

    Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock. (CVE-2015-7871)

    In the default installation, attackers would be isolated by the NTP AppArmor profile.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1

    Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2

    Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

    Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

    In general, a standard system update will make all the necessary changes. An attacker could use a specially crafted package to cause ntpd to crash if:

    • ntpd enabled remote configuration
    • The attacker had the knowledge of the configuration password
    • The attacker had access to a computer entrusted to perform remote configuration

    Note that remote configuration is disabled by default in NTP.

    CVE-2015-5194

    It was found that ntpd could crash due to an uninitialized
    variable when processing malformed logconfig configuration
    commands.
    

    CVE-2015-5195

    It was found that ntpd exits with a segmentation fault when a
    statistics type that was not enabled during compilation (e.g. 
    timingstats) is referenced by the statistics or filegen
    configuration command
    

    CVE-2015-5219

    It was discovered that sntp program would hang in an infinite loop
    when a crafted NTP packet was received, related to the conversion
    of the precision value in the packet to double. If the threshold is exceeded
    after that, ntpd will exit with a message to the system log. This
    option can be used with the -q and -x options.
    
    ntpd could actually step the clock multiple times by more than the
    panic threshold if its clock discipline doesn't have enough time to
    reach the sync state and stay there for at least one update.
    
    This is contrary to what the documentation says. Normally, the
    assumption is that an MITM attacker can step the clock more than the
    panic threshold only once when ntpd starts and to make a larger
    adjustment the attacker has to divide it into multiple smaller
    steps, each taking 15 minutes, which is slow.
    

    CVE-2015-7691, CVE-2015-7692, CVE-2015-7702

    It was found that the fix for CVE-2014-9750 was incomplete: three
    issues were found in the value length checks in ntp_crypto.c, where
    a packet with particular autokey operations that contained malicious
    data was not always being completely validated. Receipt of these
    packets can cause ntpd to crash.
    

    CVE-2015-7701

    A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is
    configured to use autokey authentication, an attacker could send
    packets to ntpd that would, after several days of ongoing attack,
    cause it to run out of memory.
    

    CVE-2015-7703

    Miroslav Lichvar of Red Hat found that the :config command can be
    used to set the pidfile and driftfile paths without any
    restrictions. A remote attacker could use this flaw to overwrite a
    file on the file system with a file containing the pid of the ntpd
    process (immediately) or the current estimated drift of the system
    clock (in hourly intervals). For example:
    
    ntpq -c ':config pidfile /tmp/ntp.pid'
    ntpq -c ':config driftfile /tmp/ntp.drift'
    
    In Debian ntpd is configured to drop root privileges, which limits
    the impact of this issue.
    

    CVE-2015-7704

    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
    from the server to reduce its polling rate, it doesn't check if the
    originate timestamp in the reply matches the transmit timestamp from
    its request. A
    specially crafted configuration file could cause an endless loop
    resulting in a denial of service.  An attacker could provide a the
    malicious configuration file to trigger this vulnerability.
    

    CVE-2015-7852

    A potential off by one vulnerability exists in the cookedprint
    functionality of ntpq. A specially crafted buffer could cause a
    buffer overflow potentially resulting in null byte being written out
    of bounds.
    

    CVE-2015-7855

    It was found that NTP's decodenetnum() would abort with an assertion
    failure when processing a mode 6 or mode 7 packet containing an
    unusually long data value where a network address was expected. This
    could allow an authenticated attacker to crash ntpd.
    

    CVE-2015-7871

    An error handling logic error exists within ntpd that manifests due
    to improper error condition handling associated with certain
    crypto-NAK packets. An unauthenticated, off-path attacker can force
    ntpd processes on targeted servers to peer with time sources of the
    attacker's choosing by transmitting symmetric active crypto-NAK
    packets to ntpd. This attack bypasses the authentication typically
    required to establish a peer association and allows an attacker to
    make arbitrary changes to system time.
    

    For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

    For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.

    For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    We recommend that you upgrade your ntp packages

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "xenserver",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "citrix",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "xenserver",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "citrix",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "xenserver",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "citrix",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.6"
          },
          {
            "_id": null,
            "model": "enterprise security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "10.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "enterprise security manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "oncommand unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "xenserver",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "citrix",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "enterprise security manager",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "11.0.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "oncommand performance manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ntp",
            "version": "4.3.70"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.3.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.2.8p4"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.x"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.6.2.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.28"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.5.2.9"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.9."
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.4"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.6.2.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.9"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.5.2.8"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.4.2.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.4.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.1.5.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.10"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.4.2"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.2.0.9"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.6"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.1.5.2"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.4.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.4.13"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "mcafee",
            "version": "7.3.2.2"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.67"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.74"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.68"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.69"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.72"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.73"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.75"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.76"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.71"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "10.2-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3.0.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.211"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "nexus series switches",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90000"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3.14.0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "21.1"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "1950-24g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.1"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x3 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "powerkvm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.24"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.0.0"
          },
          {
            "_id": null,
            "model": "edge digital media player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3400"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "small business series wireless access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3210"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.4"
          },
          {
            "_id": null,
            "model": "jabber guest",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.0(2)"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.219"
          },
          {
            "_id": null,
            "model": "10.1-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.4"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.2"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.2"
          },
          {
            "_id": null,
            "model": "prime license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "visual quality experience server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "9.3-release-p22",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ff 12508e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "10.1-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.22"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.4.0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "prime collaboration assurance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12904e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-release-p10",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.38"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "12500v70"
          },
          {
            "_id": null,
            "model": "prime infrastructure standalone plug and play gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12518e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.37.00"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "4.2.8p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "prime access registrar appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "scos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "10.1-release-p17",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "msr2003 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "10.1-releng",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.44"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125000"
          },
          {
            "_id": null,
            "model": "msr2004-48 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "clean access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "xenserver common criteria",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "common services platform collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "9.3-beta3-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "media experience engines",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "wap371 wireless access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "flexfabric 12916e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "10.1-rc2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server eus 6.7.z",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "10.1-release-p23",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "xenserver sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "mediasense",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "hsr6808 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router taa-compliant main processing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1003-8s ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-sfp-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12900e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "show and share",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "sentinel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucs director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4060 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12500e mpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.14.5"
          },
          {
            "_id": null,
            "model": "telepresence isdn link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-24g-4xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "physical access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "powerkvm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.08"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "communications session border controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0.4"
          },
          {
            "_id": null,
            "model": "nac guest server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise content delivery system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1"
          },
          {
            "_id": null,
            "model": "vsr1001 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "9.3-rc",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "flexfabric 12904e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "9.3-beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.08"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "10.2-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ff 12508e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0.3"
          },
          {
            "_id": null,
            "model": "10.1-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "video delivery system recorder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4080 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.213"
          },
          {
            "_id": null,
            "model": "10.1-release",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "communications session border controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.0"
          },
          {
            "_id": null,
            "model": "websphere datapower xc10 appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "msr3044 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "4.2.5p186",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.22"
          },
          {
            "_id": null,
            "model": "9.3-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "digital media manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "msr3064 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "10.1-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "4.2.5p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "msr2004-24 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.2"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "590015.6.3"
          },
          {
            "_id": null,
            "model": "9.3-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.00"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.46"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.3"
          },
          {
            "_id": null,
            "model": "unity express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.26"
          },
          {
            "_id": null,
            "model": "10.2-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75030"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75060"
          },
          {
            "_id": null,
            "model": "4.2.8p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "hsr6602-g taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "telepresence exchange system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "119000"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "10.1-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "59000"
          },
          {
            "_id": null,
            "model": "9.3-release-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.32"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "msr3024 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hosted collaboration mediation fulfillment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.34"
          },
          {
            "_id": null,
            "model": "5900af 48g 4xg 2qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "10.1-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "type a mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "5900af-48xgt-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "intrusion prevention system solutions",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "prime access registrar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "onepk all-in-one vm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "xenserver sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.0"
          },
          {
            "_id": null,
            "model": "msr3024 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "9.3-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p25",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "summit wm3000 series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "series ip phones vpn feature",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8800-0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.21"
          },
          {
            "_id": null,
            "model": "small business series wireless access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1210"
          },
          {
            "_id": null,
            "model": "msr3012 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "industrial router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9100"
          },
          {
            "_id": null,
            "model": "10.2-beta2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "vsr1008 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "smartcloud entry fixpack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.33"
          },
          {
            "_id": null,
            "model": "type d taa-compliant with comware os main processing un",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "video distribution suite for internet streaming",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.31"
          },
          {
            "_id": null,
            "model": "4.2.8p7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.218"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "websphere datapower xc10 appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "vsr1004 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "flex system manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3.20"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "p4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.9.0"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-beta3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.3"
          },
          {
            "_id": null,
            "model": "dcm series 9900-digital content manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "10.1-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "hsr6802 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75100"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.214"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p21",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "smartcloud entry fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.19"
          },
          {
            "_id": null,
            "model": "9.3-release-p24",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.4"
          },
          {
            "_id": null,
            "model": "10.1-release-p19",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "hsr6804 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.4.1.0"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "5900af-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "msr3024 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.113"
          },
          {
            "_id": null,
            "model": "ff 5900cp-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "network device security assessment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.4"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.11"
          },
          {
            "_id": null,
            "model": "asa cx and cisco prime security manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5920af-24xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2003 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 taa-compliant mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.16"
          },
          {
            "_id": null,
            "model": "9.3-release-p29",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.110"
          },
          {
            "_id": null,
            "model": "standalone rack server cimc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.0.0"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "9.3-rc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "9.3-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.21"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.36"
          },
          {
            "_id": null,
            "model": "telepresence video communication server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "telepresence sx series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "meetingplace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "security guardium",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.3"
          },
          {
            "_id": null,
            "model": "unified computing system e-series blade server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.92"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "p74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "expressway series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.4"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af 48xgt 4qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "4.2.8p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "edge digital media player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3000"
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.31"
          },
          {
            "_id": null,
            "model": "10.2-beta2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "msr3012 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0.4"
          },
          {
            "_id": null,
            "model": "management heartbeat server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.7.03.00"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.09"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "real-time compression appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.17"
          },
          {
            "_id": null,
            "model": "p6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "connected grid routers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "telepresence integrator c series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "p7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "nac server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.12"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.01"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.1.2"
          },
          {
            "_id": null,
            "model": "p5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.09"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "a12508 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "application policy infrastructure controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.25"
          },
          {
            "_id": null,
            "model": "network analysis module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "4.2.8p4",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.6.4"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "prime infrastructure",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "power hmc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1.0.0"
          },
          {
            "_id": null,
            "model": "identity services engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "5130-48g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "4.2.8p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "telepresence ex series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1002-4 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "4.2.7p11",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "type d main processing unit with comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "smartcloud entry jre update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.34"
          },
          {
            "_id": null,
            "model": "vsr1001 virtual services router day evaluation software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "600"
          },
          {
            "_id": null,
            "model": "unified communications manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "24g sfp 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "10.2-release-p6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "5920af-24xg taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.010"
          },
          {
            "_id": null,
            "model": "junos os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "flexfabric 12908e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "xenserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "citrix",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "9.3-beta1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "telepresence conductor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fixpac",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "security access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "content security appliance updater servers",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "10.1-release-p16",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "unified communications manager session management edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "support central",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "9.3-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ff 12518e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "small business series wireless access points",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5000"
          },
          {
            "_id": null,
            "model": "virtual security gateway for microsoft hyper-v",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "p4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "flexfabric 5900cp 48xg 4qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "prime service catalog virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "access registrar appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.90"
          },
          {
            "_id": null,
            "model": "hsr6602-g router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "videoscape control suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "telepresence mx series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ucs central",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "telepresence profile series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "msr3024 poe router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "a12518 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "visual quality experience tools server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.4"
          },
          {
            "_id": null,
            "model": "emergency responder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "im and presence service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11908-v0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.4"
          },
          {
            "_id": null,
            "model": "cloud object store",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "10.2-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.4"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.3"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.2"
          },
          {
            "_id": null,
            "model": "integrated lights out manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "integrated lights out manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "integrated lights out manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#718152"
          },
          {
            "db": "BID",
            "id": "77280"
          },
          {
            "db": "BID",
            "id": "92012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ntp:ntp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, and Sharon Goldberg from Boston University",
        "sources": [
          {
            "db": "BID",
            "id": "77280"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7704",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7704",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7704",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-7704",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7704",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7704",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-585",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7704",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7704"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. \nAn attacker can leverage this issue to cause a denial-of-service condition. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027SSH\u0027 protocol. The \u0027SSH\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2\nNOTE: This BID is being retired as it is a duplicate of BID 75990 (OpenSSH Login Handling Security Bypass Weakness). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: ntp security update\nAdvisory ID:       RHSA-2015:1930-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1930.html\nIssue date:        2015-10-26\nCVE Names:         CVE-2015-5300 CVE-2015-7704 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix two security issues are now available for\nRed Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. \n\nIt was discovered that ntpd as a client did not correctly check timestamps\nin Kiss-of-Death packets. A remote attacker could use this flaw to send a\ncrafted Kiss-of-Death packet to an ntpd client that would increase the\nclient\u0027s polling interval value, and effectively disable synchronization\nwith the server. (CVE-2015-7704)\n\nIt was found that ntpd did not correctly implement the threshold limitation\nfor the \u0027-g\u0027 option, which is used to set the time without any\nrestrictions. A man-in-the-middle attacker able to intercept NTP traffic\nbetween a connecting client and an NTP server could use this flaw to force\nthat client to make multiple steps larger than the panic threshold,\neffectively changing the time to an arbitrary value. (CVE-2015-5300)\n\nRed Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon\nGoldberg of Boston University for reporting these issues. \n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet\n1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nppc64:\nntp-4.2.6p5-5.el6_7.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm\nntpdate-4.2.6p5-5.el6_7.2.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-5.el6_7.2.s390x.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm\nntpdate-4.2.6p5-5.el6_7.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.ppc64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-5.el6_7.2.s390x.rpm\nntp-perl-4.2.6p5-5.el6_7.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-5.el6_7.2.src.rpm\n\ni386:\nntp-4.2.6p5-5.el6_7.2.i686.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntpdate-4.2.6p5-5.el6_7.2.i686.rpm\n\nx86_64:\nntp-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntpdate-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-5.el6_7.2.i686.rpm\nntp-perl-4.2.6p5-5.el6_7.2.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-5.el6_7.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-5.el6_7.2.x86_64.rpm\nntp-perl-4.2.6p5-5.el6_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nppc64:\nntp-4.2.6p5-19.el7_1.3.ppc64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm\nntpdate-4.2.6p5-19.el7_1.3.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-19.el7_1.3.s390x.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm\nntpdate-4.2.6p5-19.el7_1.3.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.ael7b_1.3.src.rpm\n\nppc64le:\nntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nntpdate-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.ppc64.rpm\nsntp-4.2.6p5-19.el7_1.3.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-19.el7_1.3.s390x.rpm\nsntp-4.2.6p5-19.el7_1.3.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.ael7b_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.ael7b_1.3.noarch.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\nsntp-4.2.6p5-19.ael7b_1.3.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_1.3.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_1.3.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nntpdate-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_1.3.noarch.rpm\nntp-perl-4.2.6p5-19.el7_1.3.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_1.3.x86_64.rpm\nsntp-4.2.6p5-19.el7_1.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5300\nhttps://access.redhat.com/security/cve/CVE-2015-7704\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWLpsKXlSAg2UNWIIRAvn5AJ0YbKe9DZYq3JmTarVuEvM3l3fC3gCgmwd8\nD1msx7GTmRIz9oZ3uE0m6Io=\n=mPYp\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: July 20, 2016\n     Bugs: #563774, #572452, #581528, #584954\n       ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                \u003c 4.2.8_p8               \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-7691\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[  2 ] CVE-2015-7692\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[  3 ] CVE-2015-7701\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[  4 ] CVE-2015-7702\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[  5 ] CVE-2015-7703\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[  6 ] CVE-2015-7704\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[  7 ] CVE-2015-7705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[  8 ] CVE-2015-7848\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[  9 ] CVE-2015-7849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n  - CVE-2015-7704\n  - CVE-2015-7705\n  - CVE-2015-7855\n  - CVE-2015-7871\n  - PSRT110228\n  - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n  - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-7704\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7705\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7855\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7871\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P03**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P03**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5130HI - Version: R1118P02**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n  + **5510HI - Version: R1118P02**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz:  Upgraded. \n  This release patches several low and medium severity security issues:\n  CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n  CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n    AKA: ntp-sybil - MITIGATION ONLY\n  CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n    botch\n  CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n    properly validated\n  CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n    MATCH_ASSOC\n  CVE-2016-2519: ctl_getitem() return value not always checked\n  CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n  CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n  CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n    NtpBug2901, AKA: Symmetric active/passive mode is broken\n  CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n  CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n    authdecrypt-timing, AKA: authdecrypt-timing\n  For more information, see:\n    http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f  ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875  ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91  ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b  ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84  ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5  ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e  ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c  ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c  ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901  ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff  n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d  n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. 6.6) - i386, noarch, ppc64, s390x, x86_64\n\n3. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. A remote\nattacker could possibly use this issue to alter the system time on clients. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. A remote attacker could possibly use\nthis issue to cause clients to stop updating their clock. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. A remote attacker could use this issue to possibly bypass\nauthentication and alter the system clock. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. An attacker could use a specially crafted\n   package to cause ntpd to crash if:\n\n   * ntpd enabled remote configuration\n   * The attacker had the knowledge of the configuration password\n   * The attacker had access to a computer entrusted to perform remote\n     configuration\n\n   Note that remote configuration is disabled by default in NTP. \n\nCVE-2015-5194\n\n    It was found that ntpd could crash due to an uninitialized\n    variable when processing malformed logconfig configuration\n    commands. \n\nCVE-2015-5195\n\n    It was found that ntpd exits with a segmentation fault when a\n    statistics type that was not enabled during compilation (e.g. \n    timingstats) is referenced by the statistics or filegen\n    configuration command\n\nCVE-2015-5219\n\n    It was discovered that sntp program would hang in an infinite loop\n    when a crafted NTP packet was received, related to the conversion\n    of the precision value in the packet to double. If the threshold is exceeded\n    after that, ntpd will exit with a message to the system log. This\n    option can be used with the -q and -x options. \n\n    ntpd could actually step the clock multiple times by more than the\n    panic threshold if its clock discipline doesn\u0027t have enough time to\n    reach the sync state and stay there for at least one update. \n\n    This is contrary to what the documentation says. Normally, the\n    assumption is that an MITM attacker can step the clock more than the\n    panic threshold only once when ntpd starts and to make a larger\n    adjustment the attacker has to divide it into multiple smaller\n    steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n\n    It was found that the fix for CVE-2014-9750 was incomplete: three\n    issues were found in the value length checks in ntp_crypto.c, where\n    a packet with particular autokey operations that contained malicious\n    data was not always being completely validated. Receipt of these\n    packets can cause ntpd to crash. \n\nCVE-2015-7701\n\n    A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. If ntpd is\n    configured to use autokey authentication, an attacker could send\n    packets to ntpd that would, after several days of ongoing attack,\n    cause it to run out of memory. \n\nCVE-2015-7703\n\n    Miroslav Lichvar of Red Hat found that the :config command can be\n    used to set the pidfile and driftfile paths without any\n    restrictions. A remote attacker could use this flaw to overwrite a\n    file on the file system with a file containing the pid of the ntpd\n    process (immediately) or the current estimated drift of the system\n    clock (in hourly intervals). For example:\n\n    ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n    ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n    In Debian ntpd is configured to drop root privileges, which limits\n    the impact of this issue. \n\nCVE-2015-7704\n\n    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n    from the server to reduce its polling rate, it doesn\u0027t check if the\n    originate timestamp in the reply matches the transmit timestamp from\n    its request. A\n    specially crafted configuration file could cause an endless loop\n    resulting in a denial of service.  An attacker could provide a the\n    malicious configuration file to trigger this vulnerability. \n\nCVE-2015-7852\n\n    A potential off by one vulnerability exists in the cookedprint\n    functionality of ntpq. A specially crafted buffer could cause a\n    buffer overflow potentially resulting in null byte being written out\n    of bounds. \n\nCVE-2015-7855\n\n    It was found that NTP\u0027s decodenetnum() would abort with an assertion\n    failure when processing a mode 6 or mode 7 packet containing an\n    unusually long data value where a network address was expected. This\n    could allow an authenticated attacker to crash ntpd. \n\nCVE-2015-7871\n\n    An error handling logic error exists within ntpd that manifests due\n    to improper error condition handling associated with certain\n    crypto-NAK packets. An unauthenticated, off-path attacker can force\n    ntpd processes on targeted servers to peer with time sources of the\n    attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n    packets to ntpd. This attack bypasses the authentication typically\n    required to establish a peer association and allows an attacker to\n    make arbitrary changes to system time. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          },
          {
            "db": "CERT/CC",
            "id": "VU#718152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "BID",
            "id": "77280"
          },
          {
            "db": "BID",
            "id": "92012"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7704"
          },
          {
            "db": "PACKETSTORM",
            "id": "134093"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "136864"
          },
          {
            "db": "PACKETSTORM",
            "id": "134542"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          }
        ],
        "trust": 3.6
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#718152",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "77280",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1033951",
            "trust": 1.7
          },
          {
            "db": "MCAFEE",
            "id": "SB10284",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU91176422",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700",
            "trust": 0.8
          },
          {
            "db": "MCAFEE",
            "id": "SB10164",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585",
            "trust": 0.6
          },
          {
            "db": "JUNIPER",
            "id": "JSA10711",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-094-04",
            "trust": 0.3
          },
          {
            "db": "BID",
            "id": "92012",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-356-01",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7704",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134093",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "136864",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134542",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#718152"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7704"
          },
          {
            "db": "BID",
            "id": "77280"
          },
          {
            "db": "BID",
            "id": "92012"
          },
          {
            "db": "PACKETSTORM",
            "id": "134093"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "136864"
          },
          {
            "db": "PACKETSTORM",
            "id": "134542"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          }
        ]
      },
      "id": "VAR-201708-1547",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.365299625
      },
      "last_update_date": "2026-03-09T22:53:37.691000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HPSBHF03646",
            "trust": 0.8,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05270839"
          },
          {
            "title": "Bug 2901",
            "trust": 0.8,
            "url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
          },
          {
            "title": "Bug 1271070",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
          },
          {
            "title": "NTP Bug 2901",
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
          },
          {
            "title": "October 2015 NTP-4.2.8p4 Security Vulnerability Announcement (Medium)",
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
          },
          {
            "title": "NTP Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119777"
          },
          {
            "title": "Red Hat: Important: ntp security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152520 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2015-7704",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-7704"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-607",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-607"
          },
          {
            "title": "Ubuntu Security Notice: ntp vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2783-1"
          },
          {
            "title": "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=089f3f781342f5003697826b78ce46a9"
          },
          {
            "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305"
          },
          {
            "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7704"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.9,
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "trust": 2.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1930.html"
          },
          {
            "trust": 2.0,
            "url": "https://www.cs.bu.edu/~goldbe/ntpattack.html"
          },
          {
            "trust": 2.0,
            "url": "https://support.citrix.com/article/ctx220112"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-2520.html"
          },
          {
            "trust": 1.7,
            "url": "https://eprint.iacr.org/2015/1020.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
          },
          {
            "trust": 1.7,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#october_2015_ntp_4_2_8p4_securit"
          },
          {
            "trust": 1.7,
            "url": "http://support.ntp.org/bin/view/main/ntpbug2901"
          },
          {
            "trust": 1.7,
            "url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
          },
          {
            "trust": 1.7,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/77280"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1033951"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "trust": 1.7,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10284"
          },
          {
            "trust": 1.6,
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
          },
          {
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security"
          },
          {
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91176422/"
          },
          {
            "trust": 0.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "trust": 0.6,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10164"
          },
          {
            "trust": 0.4,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295"
          },
          {
            "trust": 0.3,
            "url": "http://www.ntp.org"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
          },
          {
            "trust": 0.3,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp"
          },
          {
            "trust": 0.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd"
          },
          {
            "trust": 0.3,
            "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/oct/113"
          },
          {
            "trust": 0.3,
            "url": "isg3t1023874"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023874"
          },
          {
            "trust": 0.3,
            "url": "http://support.ntp.org/bin/view/main/ntpbug2952"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981747"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005821"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979393"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980676"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983501"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983506"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021264"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7704"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2015:2520"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2783-1/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-5300"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.1,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-2783-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#718152"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7704"
          },
          {
            "db": "BID",
            "id": "77280"
          },
          {
            "db": "BID",
            "id": "92012"
          },
          {
            "db": "PACKETSTORM",
            "id": "134093"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "136864"
          },
          {
            "db": "PACKETSTORM",
            "id": "134542"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#718152",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7704",
            "ident": null
          },
          {
            "db": "BID",
            "id": "77280",
            "ident": null
          },
          {
            "db": "BID",
            "id": "92012",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134093",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "136864",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134542",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007700",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7704",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-04-27T00:00:00",
            "db": "CERT/CC",
            "id": "VU#718152",
            "ident": null
          },
          {
            "date": "2017-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7704",
            "ident": null
          },
          {
            "date": "2015-10-21T00:00:00",
            "db": "BID",
            "id": "77280",
            "ident": null
          },
          {
            "date": "2016-07-19T00:00:00",
            "db": "BID",
            "id": "92012",
            "ident": null
          },
          {
            "date": "2015-10-27T03:38:46",
            "db": "PACKETSTORM",
            "id": "134093",
            "ident": null
          },
          {
            "date": "2016-07-21T15:56:23",
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "date": "2016-09-21T17:24:00",
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "date": "2016-05-02T21:38:58",
            "db": "PACKETSTORM",
            "id": "136864",
            "ident": null
          },
          {
            "date": "2015-11-27T18:25:38",
            "db": "PACKETSTORM",
            "id": "134542",
            "ident": null
          },
          {
            "date": "2015-10-27T23:30:50",
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "date": "2015-11-02T16:48:39",
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "date": "2015-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-585",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007700",
            "ident": null
          },
          {
            "date": "2017-08-07T20:29:00.683000",
            "db": "NVD",
            "id": "CVE-2015-7704",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-04-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#718152",
            "ident": null
          },
          {
            "date": "2020-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7704",
            "ident": null
          },
          {
            "date": "2017-05-23T16:23:00",
            "db": "BID",
            "id": "77280",
            "ident": null
          },
          {
            "date": "2016-11-24T01:13:00",
            "db": "BID",
            "id": "92012",
            "ident": null
          },
          {
            "date": "2021-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-585",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007700",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7704",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134093"
          },
          {
            "db": "PACKETSTORM",
            "id": "134542"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "_id": null,
        "data": "NTP.org ntpd contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#718152"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-585"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0212

    Vulnerability from variot - Updated: 2026-03-09 22:31

    The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code-injection may be possible; however this has not been confirmed. Versions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. Note #2: This issue was previously titled 'NTP CVE-2015-7692 Denial of Service Vulnerability'. The title has been changed to better reflect the vulnerability information.


    Gentoo Linux Security Advisory GLSA 201607-15


                                           https://security.gentoo.org/
    

    Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15


    Synopsis

    Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8

    Description

    Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All NTP users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

    References

    [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201607-15

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015

    ntp vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 15.10
    • Ubuntu 15.04
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in NTP. (CVE-2015-5146)

    Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)

    Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)

    Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)

    Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-5300)

    It was discovered that NTP incorrectly handled autokey data packets. (CVE-2015-7701)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. (CVE-2015-7704, CVE-2015-7705)

    Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)

    Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)

    Yves Younan discovered that NTP incorrectly handled reference clock memory. (CVE-2015-7853)

    John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7871)

    In the default installation, attackers would be isolated by the NTP AppArmor profile.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1

    Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2

    Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

    Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

    In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64

    On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.

    Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: ntp security and bug fix update Advisory ID: RHSA-2016:2583-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2583.html Issue date: 2016-11-03 CVE Names: CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7852 CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 =====================================================================

    1. Summary:

    An update for ntp is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

    1. Description:

    The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

    Security Fix(es):

    • It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

    • A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)

    • An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. (CVE-2015-7852)

    • A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. (CVE-2015-7977)

    • A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. (CVE-2015-7978)

    • It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

    • It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)

    • It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)

    • It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)

    • It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)

    • A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)

    • A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)

    The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav LichvA!r (Red Hat).

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing this update, the ntpd daemon will restart automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1242553 - ntpd doesn't reset system leap status when disarming leap timer 1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command 1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type 1254547 - CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths 1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet 1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c 1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC 1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability 1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792) 1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference 1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list 1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: ntp-4.2.6p5-25.el7.src.rpm

    x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: ntp-4.2.6p5-25.el7.src.rpm

    x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: ntp-4.2.6p5-25.el7.src.rpm

    aarch64: ntp-4.2.6p5-25.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm ntpdate-4.2.6p5-25.el7.aarch64.rpm

    ppc64: ntp-4.2.6p5-25.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm ntpdate-4.2.6p5-25.el7.ppc64.rpm

    ppc64le: ntp-4.2.6p5-25.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm ntpdate-4.2.6p5-25.el7.ppc64le.rpm

    s390x: ntp-4.2.6p5-25.el7.s390x.rpm ntp-debuginfo-4.2.6p5-25.el7.s390x.rpm ntpdate-4.2.6p5-25.el7.s390x.rpm

    x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    aarch64: ntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm sntp-4.2.6p5-25.el7.aarch64.rpm

    noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm

    ppc64: ntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm sntp-4.2.6p5-25.el7.ppc64.rpm

    ppc64le: ntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm sntp-4.2.6p5-25.el7.ppc64le.rpm

    s390x: ntp-debuginfo-4.2.6p5-25.el7.s390x.rpm sntp-4.2.6p5-25.el7.s390x.rpm

    x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: ntp-4.2.6p5-25.el7.src.rpm

    x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm

    x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2015-5194 https://access.redhat.com/security/cve/CVE-2015-5195 https://access.redhat.com/security/cve/CVE-2015-5196 https://access.redhat.com/security/cve/CVE-2015-5219 https://access.redhat.com/security/cve/CVE-2015-7691 https://access.redhat.com/security/cve/CVE-2015-7692 https://access.redhat.com/security/cve/CVE-2015-7701 https://access.redhat.com/security/cve/CVE-2015-7702 https://access.redhat.com/security/cve/CVE-2015-7703 https://access.redhat.com/security/cve/CVE-2015-7852 https://access.redhat.com/security/cve/CVE-2015-7974 https://access.redhat.com/security/cve/CVE-2015-7977 https://access.redhat.com/security/cve/CVE-2015-7978 https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2015-8158 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFYGvvBXlSAg2UNWIIRAhRGAJ44LtHkhexE/w50LEGifKeLUMXYkwCgmm/0 XqilrenZq9cyvtnH8eGxdCw= =XqfK -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

    CVE-2015-5300

    It was found that ntpd did not correctly implement the -g option:
    
    Normally, ntpd exits with a message to the system log if the offset
    exceeds the panic threshold, which is 1000 s by default. This
    option allows the time to be set to any value without restriction;
    however, this can happen only once. If the threshold is exceeded
    after that, ntpd will exit with a message to the system log. This
    option can be used with the -q and -x options.
    
    ntpd could actually step the clock multiple times by more than the
    panic threshold if its clock discipline doesn't have enough time to
    reach the sync state and stay there for at least one update. If a
    man-in-the-middle attacker can control the NTP traffic since ntpd
    was started (or maybe up to 15-30 minutes after that), they can
    prevent the client from reaching the sync state and force it to step
    its clock by any amount any number of times, which can be used by
    attackers to expire certificates, etc.
    
    This is contrary to what the documentation says. Normally, the
    assumption is that an MITM attacker can step the clock more than the
    panic threshold only once when ntpd starts and to make a larger
    adjustment the attacker has to divide it into multiple smaller
    steps, each taking 15 minutes, which is slow. For example:
    
    ntpq -c ':config pidfile /tmp/ntp.pid'
    ntpq -c ':config driftfile /tmp/ntp.drift'
    
    In Debian ntpd is configured to drop root privileges, which limits
    the impact of this issue.
    

    CVE-2015-7704

    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
    from the server to reduce its polling rate, it doesn't check if the
    originate timestamp in the reply matches the transmit timestamp from
    its request. An off-path attacker can send a crafted KoD packet to
    the client, which will increase the client's polling interval to a
    large value and effectively disable synchronization with the server.
    

    CVE-2015-7850

    An exploitable denial of service vulnerability exists in the remote
    configuration functionality of the Network Time Protocol. A
    specially crafted configuration file could cause an endless loop
    resulting in a denial of service.  An attacker could provide a the
    malicious configuration file to trigger this vulnerability.
    

    CVE-2015-7855

    It was found that NTP's decodenetnum() would abort with an assertion
    failure when processing a mode 6 or mode 7 packet containing an
    unusually long data value where a network address was expected.
    

    CVE-2015-7871

    An error handling logic error exists within ntpd that manifests due
    to improper error condition handling associated with certain
    crypto-NAK packets. An unauthenticated, off-path attacker can force
    ntpd processes on targeted servers to peer with time sources of the
    attacker's choosing by transmitting symmetric active crypto-NAK
    packets to ntpd. This attack bypasses the authentication typically
    required to establish a peer association and allows an attacker to
    make arbitrary changes to system time.
    

    For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

    For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.

    For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    We recommend that you upgrade your ntp packages.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz

    Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz

    Then, restart the NTP daemon:

    sh /etc/rc.d/rc.ntpd restart

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "oncommand performance manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "oncommand unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ntp",
            "version": "4.3.70"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.3.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.2.8p4"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.2.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.67"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.74"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.68"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.69"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.72"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.73"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.75"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.76"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.71"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.16"
          },
          {
            "_id": null,
            "model": "security access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.13"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.9"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.25"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.6"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.50"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.1"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3.14.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.7.16"
          },
          {
            "_id": null,
            "model": "security access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.8"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.20"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.2"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.16"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2.1"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1.0.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.7"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.18"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.1"
          },
          {
            "_id": null,
            "model": "security privileged identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.16"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.13"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.0"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "4.2.7p11",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.10"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.7"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.6"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "p153",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.12"
          },
          {
            "_id": null,
            "model": "p7-rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.5"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.4"
          },
          {
            "_id": null,
            "model": "p150",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.4"
          },
          {
            "_id": null,
            "model": "4.2.5p186",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.8"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.7"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.5"
          },
          {
            "_id": null,
            "model": "4.2.8p4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.75"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "4.2.5p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "junos os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.126"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.7"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.2"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "590015.6.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "strm/jsa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.00"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.19"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9.5"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.5"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "security access manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.1000"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.8"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.12.9"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.15"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.37.00"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.5"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.2"
          },
          {
            "_id": null,
            "model": "p8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "ntpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "4.2.8p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p111",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.4"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.11"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "59000"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security privileged identity manager fixpack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.28"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.68"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.12"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.5"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2.3"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.11"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.10"
          },
          {
            "_id": null,
            "model": "p74",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "p4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.8"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.26"
          },
          {
            "_id": null,
            "model": "4.2.8p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.17"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.15"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.12"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.5.1000"
          },
          {
            "_id": null,
            "model": "security access manager for mobile",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.10"
          },
          {
            "_id": null,
            "model": "p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.14"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9.6"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.4.0.4"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.9"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.3"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.7.03.00"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.6"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.0.4"
          },
          {
            "_id": null,
            "model": "p6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.0"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.03"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.7"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.6"
          },
          {
            "_id": null,
            "model": "4.2.7p366",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.11"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.2"
          },
          {
            "_id": null,
            "model": "smartcloud entry",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fi",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.3.0.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.4"
          },
          {
            "_id": null,
            "model": "security network protection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.1.10"
          },
          {
            "_id": null,
            "model": "p4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9"
          },
          {
            "_id": null,
            "model": "4.2.8p3-rc1",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "security access manager for web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "security identity governance and intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.9"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.9"
          },
          {
            "_id": null,
            "model": "p7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "4.2.0.a",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "smartcloud entry appliance fp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.4.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.1.2"
          },
          {
            "_id": null,
            "model": "p5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.4"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "77285"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:ntp:ntp",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "77285"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7692",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7692",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7692",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-7692",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7692",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7692",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-588",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7692",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nA remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code-injection may be possible; however this has not been confirmed. \nVersions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. \nNote #2: This issue was previously titled \u0027NTP CVE-2015-7692 Denial of Service Vulnerability\u0027. The title has been changed to better reflect the vulnerability information. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: July 20, 2016\n     Bugs: #563774, #572452, #581528, #584954\n       ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                \u003c 4.2.8_p8               \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-7691\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[  2 ] CVE-2015-7692\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[  3 ] CVE-2015-7701\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[  4 ] CVE-2015-7702\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[  5 ] CVE-2015-7703\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[  6 ] CVE-2015-7704\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[  7 ] CVE-2015-7705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[  8 ] CVE-2015-7848\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[  9 ] CVE-2015-7849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-5300)\n\nIt was discovered that NTP incorrectly handled autokey data packets. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64\n\n3. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: ntp security and bug fix update\nAdvisory ID:       RHSA-2016:2583-02\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2583.html\nIssue date:        2016-11-03\nCVE Names:         CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 \n                   CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 \n                   CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 \n                   CVE-2015-7852 CVE-2015-7974 CVE-2015-7977 \n                   CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues\nwere found in the value length checks in NTP\u0027s ntp_crypto.c, where a packet\nwith particular autokey operations that contained malicious data was not\nalways being completely validated. (CVE-2015-7691, CVE-2015-7692,\nCVE-2015-7702)\n\n* A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send packets to\nntpd that would, after several days of ongoing attack, cause it to run out\nof memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n\u0027ntpdc reslist\u0027 commands that queried restriction lists with a large amount\nof entries. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed\n\u0027ntpdc reslist\u0027 commands that queried restriction lists with a large amount\nof entries. \n(CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable when\nprocessing malformed logconfig configuration commands. (CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g. timingstats)\nwas referenced by the statistics or filegen configuration command. \n(CVE-2015-5195)\n\n* It was found that NTP\u0027s :config command could be used to set the pidfile\nand driftfile paths without any restrictions. A remote attacker could use\nthis flaw to overwrite a file on the file system with a file containing the\npid of the ntpd process (immediately) or the current estimated drift of the\nsystem clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive due to\nbeing caught in an infinite loop when processing a crafted NTP packet. \n(CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during symmetric\nkey authentication. An authenticated client (A) could use this flaw to\nmodify a packet sent between a server (B) and a client (C) using a key that\nis different from the one known to the client (A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain incoming\npackets in a loop in the getresponse() function. A remote attacker could\npotentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvA!r (Red Hat). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the ntpd daemon will restart automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1242553 - ntpd doesn\u0027t reset system leap status when disarming leap timer\n1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command\n1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type\n1254547 - CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths\n1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet\n1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c\n1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC\n1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability\n1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)\n1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference\n1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-25.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm\nntpdate-4.2.6p5-25.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-25.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm\nntpdate-4.2.6p5-25.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-25.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm\nntpdate-4.2.6p5-25.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-25.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-25.el7.s390x.rpm\nntpdate-4.2.6p5-25.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm\nsntp-4.2.6p5-25.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm\nsntp-4.2.6p5-25.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm\nsntp-4.2.6p5-25.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-25.el7.s390x.rpm\nsntp-4.2.6p5-25.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5194\nhttps://access.redhat.com/security/cve/CVE-2015-5195\nhttps://access.redhat.com/security/cve/CVE-2015-5196\nhttps://access.redhat.com/security/cve/CVE-2015-5219\nhttps://access.redhat.com/security/cve/CVE-2015-7691\nhttps://access.redhat.com/security/cve/CVE-2015-7692\nhttps://access.redhat.com/security/cve/CVE-2015-7701\nhttps://access.redhat.com/security/cve/CVE-2015-7702\nhttps://access.redhat.com/security/cve/CVE-2015-7703\nhttps://access.redhat.com/security/cve/CVE-2015-7852\nhttps://access.redhat.com/security/cve/CVE-2015-7974\nhttps://access.redhat.com/security/cve/CVE-2015-7977\nhttps://access.redhat.com/security/cve/CVE-2015-7978\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2015-8158\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYGvvBXlSAg2UNWIIRAhRGAJ44LtHkhexE/w50LEGifKeLUMXYkwCgmm/0\nXqilrenZq9cyvtnH8eGxdCw=\n=XqfK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2015-5300\n\n    It was found that ntpd did not correctly implement the -g option:\n\n    Normally, ntpd exits with a message to the system log if the offset\n    exceeds the panic threshold, which is 1000 s by default. This\n    option allows the time to be set to any value without restriction;\n    however, this can happen only once. If the threshold is exceeded\n    after that, ntpd will exit with a message to the system log. This\n    option can be used with the -q and -x options. \n\n    ntpd could actually step the clock multiple times by more than the\n    panic threshold if its clock discipline doesn\u0027t have enough time to\n    reach the sync state and stay there for at least one update. If a\n    man-in-the-middle attacker can control the NTP traffic since ntpd\n    was started (or maybe up to 15-30 minutes after that), they can\n    prevent the client from reaching the sync state and force it to step\n    its clock by any amount any number of times, which can be used by\n    attackers to expire certificates, etc. \n\n    This is contrary to what the documentation says. Normally, the\n    assumption is that an MITM attacker can step the clock more than the\n    panic threshold only once when ntpd starts and to make a larger\n    adjustment the attacker has to divide it into multiple smaller\n    steps, each taking 15 minutes, which is slow. For example:\n\n    ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n    ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n    In Debian ntpd is configured to drop root privileges, which limits\n    the impact of this issue. \n\nCVE-2015-7704\n\n    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n    from the server to reduce its polling rate, it doesn\u0027t check if the\n    originate timestamp in the reply matches the transmit timestamp from\n    its request. An off-path attacker can send a crafted KoD packet to\n    the client, which will increase the client\u0027s polling interval to a\n    large value and effectively disable synchronization with the server. \n\nCVE-2015-7850\n\n    An exploitable denial of service vulnerability exists in the remote\n    configuration functionality of the Network Time Protocol. A\n    specially crafted configuration file could cause an endless loop\n    resulting in a denial of service.  An attacker could provide a the\n    malicious configuration file to trigger this vulnerability. \n\nCVE-2015-7855\n\n    It was found that NTP\u0027s decodenetnum() would abort with an assertion\n    failure when processing a mode 6 or mode 7 packet containing an\n    unusually long data value where a network address was expected. \n\nCVE-2015-7871\n\n    An error handling logic error exists within ntpd that manifests due\n    to improper error condition handling associated with certain\n    crypto-NAK packets. An unauthenticated, off-path attacker can force\n    ntpd processes on targeted servers to peer with time sources of the\n    attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n    packets to ntpd. This attack bypasses the authentication typically\n    required to establish a peer association and allows an attacker to\n    make arbitrary changes to system time. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz:  Upgraded. \n  In addition to bug fixes and enhancements, this release fixes\n  several low and medium severity vulnerabilities. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd  ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263  ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288  ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05  ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30  ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94  ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b  ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709  ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614  ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41  ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed  n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9  n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "BID",
            "id": "77285"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7692"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "136963"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "139511"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7692",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "77285",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1033951",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-094-04",
            "trust": 0.4
          },
          {
            "db": "JUNIPER",
            "id": "JSA10711",
            "trust": 0.3
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7692",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "136963",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134034",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "139511",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7692"
          },
          {
            "db": "BID",
            "id": "77285"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "136963"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "139511"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          }
        ]
      },
      "id": "VAR-201708-0212",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.20833333
      },
      "last_update_date": "2026-03-09T22:31:06.390000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Bug 1274254",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
          },
          {
            "title": "NTP Bug 2899",
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
          },
          {
            "title": "NTP Remediation measures for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119774"
          },
          {
            "title": "Red Hat: Moderate: ntp security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20162583 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2015-7692",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-7692"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-607",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-607"
          },
          {
            "title": "Ubuntu Security Notice: ntp vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2783-1"
          },
          {
            "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305"
          },
          {
            "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/77285"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-2583.html"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-0780.html"
          },
          {
            "trust": 1.7,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
          },
          {
            "trust": 1.7,
            "url": "http://support.ntp.org/bin/view/main/ntpbug2899"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1033951"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
          },
          {
            "trust": 0.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
          },
          {
            "trust": 0.4,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
          },
          {
            "trust": 0.4,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2015-7692"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295"
          },
          {
            "trust": 0.3,
            "url": "http://www.ntp.org"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-5219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-5194"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7978"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7702"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7977"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7691"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-5195"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7701"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2015-7703"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2016:2583"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2783-1/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-2783-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_technical_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_release_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "http://talosintel.com/vulnerability-reports/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-5196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7692"
          },
          {
            "db": "BID",
            "id": "77285"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "136963"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "139511"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7692",
            "ident": null
          },
          {
            "db": "BID",
            "id": "77285",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "136963",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134034",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "139511",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7692",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7692",
            "ident": null
          },
          {
            "date": "2015-10-21T00:00:00",
            "db": "BID",
            "id": "77285",
            "ident": null
          },
          {
            "date": "2016-07-21T15:56:23",
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "date": "2015-10-27T23:30:50",
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "date": "2016-05-11T14:00:18",
            "db": "PACKETSTORM",
            "id": "136963",
            "ident": null
          },
          {
            "date": "2015-10-21T19:22:22",
            "db": "PACKETSTORM",
            "id": "134034",
            "ident": null
          },
          {
            "date": "2016-11-03T10:21:00",
            "db": "PACKETSTORM",
            "id": "139511",
            "ident": null
          },
          {
            "date": "2015-11-02T16:48:39",
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "date": "2015-10-30T23:22:57",
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "date": "2015-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-588",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007697",
            "ident": null
          },
          {
            "date": "2017-08-07T20:29:00.573000",
            "db": "NVD",
            "id": "CVE-2015-7692",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-06-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7692",
            "ident": null
          },
          {
            "date": "2017-05-23T16:23:00",
            "db": "BID",
            "id": "77285",
            "ident": null
          },
          {
            "date": "2020-05-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-588",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007697",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7692",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "136963"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "139511"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "NTP Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007697"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-588"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1790

    Vulnerability from variot - Updated: 2026-03-09 22:30

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line orCURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations withoutTLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. A security issue was found in curl prior to 7.79.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2022-03-14-4 macOS Monterey 12.3

    macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.

    Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher

    AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher

    AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team

    AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher

    AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro

    AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher

    AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro

    AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro

    BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

    curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623

    FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida

    ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google

    ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google

    Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab

    IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)

    Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher

    Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher

    Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders

    Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)

    Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn

    libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976

    Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher

    LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656

    GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners

    GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners

    NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher

    PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)

    Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

    QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing

    Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)

    Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran

    Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)

    SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger

    SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)

    System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)

    UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt

    Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158

    VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher

    WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix

    WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team

    WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

    WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative

    WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google

    Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17

    xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group

    Additional recognition

    AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.

    Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.

    Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.

    Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.

    Local Authentication We would like to acknowledge an anonymous researcher for their assistance.

    Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.

    Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.

    Siri We would like to acknowledge an anonymous researcher for their assistance.

    syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.

    TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

    UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.

    WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.

    WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.

    macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----

    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:0635-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0635 Issue date: 2022-02-22 CVE Names: CVE-2021-22946 CVE-2021-22947 =====================================================================

    1. Summary:

    An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    • curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

    • curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

    Source: curl-7.61.1-12.el8_2.4.src.rpm

    aarch64: curl-7.61.1-12.el8_2.4.aarch64.rpm curl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm curl-debugsource-7.61.1-12.el8_2.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-7.61.1-12.el8_2.4.aarch64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-devel-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm

    ppc64le: curl-7.61.1-12.el8_2.4.ppc64le.rpm curl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm curl-debugsource-7.61.1-12.el8_2.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-devel-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm

    s390x: curl-7.61.1-12.el8_2.4.s390x.rpm curl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm curl-debugsource-7.61.1-12.el8_2.4.s390x.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-7.61.1-12.el8_2.4.s390x.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-devel-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm

    x86_64: curl-7.61.1-12.el8_2.4.x86_64.rpm curl-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm curl-debugsource-7.61.1-12.el8_2.4.i686.rpm curl-debugsource-7.61.1-12.el8_2.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-7.61.1-12.el8_2.4.i686.rpm libcurl-7.61.1-12.el8_2.4.x86_64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-devel-7.61.1-12.el8_2.4.i686.rpm libcurl-devel-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. ========================================================================== Ubuntu Security Notice USN-5079-3 September 21, 2021

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 18.04 LTS

    Summary:

    USN-5079-1 introduced a regression in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.16 libcurl3-gnutls 7.58.0-2ubuntu3.16 libcurl3-nss 7.58.0-2ubuntu3.16 libcurl4 7.58.0-2ubuntu3.16

    In general, a standard system update will make all the necessary changes. Summary:

    The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

    1. Solution:

    For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

    https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

    For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:

    https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option

    1. JIRA issues fixed (https://issues.jboss.org/):

    LOG-1858 - OpenShift Alerting Rules Style-Guide Compliance LOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server

    6

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core binding support function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.3"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core console",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core service communication proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "communications cloud native core security edge protection proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network slice selection function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.8.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "oncommand insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "snapcenter",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.59"
          },
          {
            "_id": null,
            "model": "communications cloud native core binding support function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.11.0"
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.79.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.0"
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.35"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.1"
          },
          {
            "_id": null,
            "model": "commerce guided search",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "11.3.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166112"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "164993"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2021-22946",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-22946",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-381420",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22946",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22946",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-997",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381420",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. A security issue was found in curl prior to 7.79.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: curl security update\nAdvisory ID:       RHSA-2022:0635-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0635\nIssue date:        2022-02-22\nCVE Names:         CVE-2021-22946 CVE-2021-22947 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8.2\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2):\n\nSource:\ncurl-7.61.1-12.el8_2.4.src.rpm\n\naarch64:\ncurl-7.61.1-12.el8_2.4.aarch64.rpm\ncurl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm\ncurl-debugsource-7.61.1-12.el8_2.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm\nlibcurl-7.61.1-12.el8_2.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm\nlibcurl-devel-7.61.1-12.el8_2.4.aarch64.rpm\nlibcurl-minimal-7.61.1-12.el8_2.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-12.el8_2.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm\ncurl-debugsource-7.61.1-12.el8_2.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm\nlibcurl-7.61.1-12.el8_2.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm\nlibcurl-devel-7.61.1-12.el8_2.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-12.el8_2.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-12.el8_2.4.s390x.rpm\ncurl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm\ncurl-debugsource-7.61.1-12.el8_2.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm\nlibcurl-7.61.1-12.el8_2.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm\nlibcurl-devel-7.61.1-12.el8_2.4.s390x.rpm\nlibcurl-minimal-7.61.1-12.el8_2.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-12.el8_2.4.x86_64.rpm\ncurl-debuginfo-7.61.1-12.el8_2.4.i686.rpm\ncurl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm\ncurl-debugsource-7.61.1-12.el8_2.4.i686.rpm\ncurl-debugsource-7.61.1-12.el8_2.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm\nlibcurl-7.61.1-12.el8_2.4.i686.rpm\nlibcurl-7.61.1-12.el8_2.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-12.el8_2.4.i686.rpm\nlibcurl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm\nlibcurl-devel-7.61.1-12.el8_2.4.i686.rpm\nlibcurl-devel-7.61.1-12.el8_2.4.x86_64.rpm\nlibcurl-minimal-7.61.1-12.el8_2.4.i686.rpm\nlibcurl-minimal-7.61.1-12.el8_2.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. ==========================================================================\nUbuntu Security Notice USN-5079-3\nSeptember 21, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5079-1 introduced a regression in curl. One of the fixes introduced a\nregression on Ubuntu 18.04 LTS. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that curl incorrect handled memory when sending data to\n an MQTT server. A remote attacker could use this issue to cause curl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2021-22945)\n  Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946)\n  Patrick Monnerat discovered that curl incorrectly handled responses\n received before STARTTLS. A remote attacker could possibly use this issue\n to inject responses and intercept communications. (CVE-2021-22947)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.16\n  libcurl3-gnutls                 7.58.0-2ubuntu3.16\n  libcurl3-nss                    7.58.0-2ubuntu3.16\n  libcurl4                        7.58.0-2ubuntu3.16\n\nIn general, a standard system update will make all the necessary changes. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1858 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22946"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166319"
          },
          {
            "db": "PACKETSTORM",
            "id": "166112"
          },
          {
            "db": "PACKETSTORM",
            "id": "164220"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "164993"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22946",
            "trust": 2.4
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.7
          },
          {
            "db": "HACKERONE",
            "id": "1334111",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164993",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166319",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166112",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165053",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165337",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165135",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164740",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165209",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164220",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111512",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021101006",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092301",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022062007",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022011905",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022071832",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042261",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091514",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031433",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021110316",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091715",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022222",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091601",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031104",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164172",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169318",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3260",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4266",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3215",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4172",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3878",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3934",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3979",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1025",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3658",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0245",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4095",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3022",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3392",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1637",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1837",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3119.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3349",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3119",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3146",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4280",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-381420",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22946",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165631",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22946"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166319"
          },
          {
            "db": "PACKETSTORM",
            "id": "166112"
          },
          {
            "db": "PACKETSTORM",
            "id": "164220"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "164993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          }
        ]
      },
      "id": "VAR-202109-1790",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:30:44.639000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "HAXX Haxx curl Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=178532"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22946 log"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22946"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-325",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht213183"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2022/mar/29"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1334111"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042261"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3349"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/170303/gentoo-linux-security-advisory-202212-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111512"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165337/red-hat-security-advisory-2021-5191-02.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/curl-man-in-the-middle-via-protocol-downgrade-36418"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3392"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6510176"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4280"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022222"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3119"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3878"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021110316"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022062007"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164172/ubuntu-security-notice-usn-5079-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166714/red-hat-security-advisory-2022-1354-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4095"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4172"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1637"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021101006"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164740/red-hat-security-advisory-2021-4059-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164220/ubuntu-security-notice-usn-5079-3.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6527796"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091514"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213183"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091715"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3215"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3022"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022071832"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166112/red-hat-security-advisory-2022-0635-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3979"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3658"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022011905"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3934"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091601"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3119.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3260"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-27645"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33574"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14145"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-35942"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3778"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20266"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3948"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3796"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/oss-sec/2021/q3/167"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27823"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3575"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30758"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43527"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41617"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30665"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30689"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30682"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-18032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1801"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1765"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36331"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1788"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30744"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21775"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20321"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36332"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21779"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27828"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1844"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3481"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1871"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30734"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26926"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28650"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1789"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30663"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30799"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0202"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213183."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0635"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5079-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.16"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5079-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1944120"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3757"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3620"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3656"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23369"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4628"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23383"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381420"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22946"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166319"
          },
          {
            "db": "PACKETSTORM",
            "id": "166112"
          },
          {
            "db": "PACKETSTORM",
            "id": "164220"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "164993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22946"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381420",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22946",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165631",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166319",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166112",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164220",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164993",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22946",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-09-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381420",
            "ident": null
          },
          {
            "date": "2022-01-20T17:48:29",
            "db": "PACKETSTORM",
            "id": "165631",
            "ident": null
          },
          {
            "date": "2022-03-15T15:49:02",
            "db": "PACKETSTORM",
            "id": "166319",
            "ident": null
          },
          {
            "date": "2022-02-23T13:41:41",
            "db": "PACKETSTORM",
            "id": "166112",
            "ident": null
          },
          {
            "date": "2021-09-21T15:39:10",
            "db": "PACKETSTORM",
            "id": "164220",
            "ident": null
          },
          {
            "date": "2021-11-30T14:44:48",
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "date": "2021-11-17T15:07:42",
            "db": "PACKETSTORM",
            "id": "164993",
            "ident": null
          },
          {
            "date": "2021-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-997",
            "ident": null
          },
          {
            "date": "2021-09-29T20:15:08.187000",
            "db": "NVD",
            "id": "CVE-2021-22946",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381420",
            "ident": null
          },
          {
            "date": "2023-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-997",
            "ident": null
          },
          {
            "date": "2024-03-27T15:12:52.090000",
            "db": "NVD",
            "id": "CVE-2021-22946",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164220"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "libcurl Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-997"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202201-0395

    Vulnerability from variot - Updated: 2026-03-09 22:06

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Bugs fixed (https://bugzilla.redhat.com/):

    2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

    Debian Security Advisory DSA-5073-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq


    Package : expat CVE ID : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 Debian Bug : 1002994 1003474

    Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.

    We recommend that you upgrade your expat packages.

    For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

    Security Fix(es):

    • Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025)

    • argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730)

    • argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:

    An update is now available for Red Hat JBoss Core Services.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Package List:

    Red Hat JBoss Core Services on RHEL 7 Server:

    Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm

    Red Hat JBoss Core Services on RHEL 8:

    Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm

    noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm

    x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "8.15.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "communications metasolv solution",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.0.0"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "nessus",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "tenable",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "libexpat",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "libexpat",
            "version": "2.4.4"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-23852",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-23852",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-413070",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23852",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23852",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-23852",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-2194",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-413070",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23852",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Bugs fixed (https://bugzilla.redhat.com/):\n\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5073-1                   security@debian.org\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nFebruary 12, 2022                     https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : expat\nCVE ID         : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827\n                 CVE-2022-23852 CVE-2022-23990\nDebian Bug     : 1002994 1003474\n\nSeveral vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary, which could result in denial of service or potentially the\nexecution of arbitrary code, if a malformed XML file is processed. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. \n\nSecurity Fix(es):\n\n* Openshift-Gitops: Improper access control allows admin privilege\nescalation (CVE-2022-1025)\n\n* argocd: path traversal and improper access control allows leaking\nout-of-bound files (CVE-2022-24730)\n\n* argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update\nAdvisory ID:       RHSA-2022:7143-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7143\nIssue date:        2022-10-26\nCVE Names:         CVE-2021-33193 CVE-2021-36160 CVE-2021-39275\n                   CVE-2021-41524 CVE-2021-44224 CVE-2021-45960\n                   CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827 CVE-2022-23852 CVE-2022-23990\n                   CVE-2022-25235 CVE-2022-25236 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-41524\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR\nV1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls\nj7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP\nJVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe\np7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc\nM+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM\n+OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv\nuA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds\nRMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY\nFmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou\nBtep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx\nm+Yms1hf0io=Dgle\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          },
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23852",
            "trust": 2.5
          },
          {
            "db": "TENABLE",
            "id": "TNS-2022-05",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168696",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166348",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167321",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168578",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072065",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012504",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060617",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041954",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022060130",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032013",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022012622",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031627",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022061722",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022416",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070643",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022020902",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022021418",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030721",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072607",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022033002",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042116",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-17",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166088",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1795",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0626",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4174",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1154",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4460",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0596",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5062",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3299",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0946",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0741",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5666",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2607",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2024",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3236",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0749",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-413070",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "id": "VAR-202201-0395",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T22:06:33.725000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libexpat Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=179981"
          },
          {
            "title": "Red Hat: Moderate: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224834 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2022-1569",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1569"
          },
          {
            "title": "Red Hat: CVE-2022-23852",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23852"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1754",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1754"
          },
          {
            "title": "Red Hat: Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226890 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: expat security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-028",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-028"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225483 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
          },
          {
            "title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23852"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20220217-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://www.tenable.com/security/tns-2022-05"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2022/dsa-5073"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202209-24"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/libexpat/libexpat/pull/550"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
          },
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 1.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168696/red-hat-security-advisory-2022-6890-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-xml-getbuffer-37363"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5062"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060130"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070643"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030721"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0596"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166088/ubuntu-security-notice-usn-5288-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012622"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022012504"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4460"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0946"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0741"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1795"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167321/red-hat-security-advisory-2022-4834-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2024"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3236"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0361"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0318"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0413"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-0359"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29154"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0494"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6890"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1353"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1798"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1353"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/expat"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-413070"
          },
          {
            "db": "PACKETSTORM",
            "id": "168696"
          },
          {
            "db": "PACKETSTORM",
            "id": "169217"
          },
          {
            "db": "PACKETSTORM",
            "id": "166431"
          },
          {
            "db": "PACKETSTORM",
            "id": "166433"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168696",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "date": "2022-01-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "date": "2022-10-12T13:22:05",
            "db": "PACKETSTORM",
            "id": "168696",
            "ident": null
          },
          {
            "date": "2022-02-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "169217",
            "ident": null
          },
          {
            "date": "2022-03-24T14:34:35",
            "db": "PACKETSTORM",
            "id": "166431",
            "ident": null
          },
          {
            "date": "2022-03-24T14:36:50",
            "db": "PACKETSTORM",
            "id": "166433",
            "ident": null
          },
          {
            "date": "2022-03-24T14:40:17",
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-01-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "date": "2022-01-24T02:15:06.733000",
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-10-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-413070",
            "ident": null
          },
          {
            "date": "2022-10-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23852",
            "ident": null
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-2194",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:58.757000",
            "db": "NVD",
            "id": "CVE-2022-23852",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "libexpat Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-2194"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0038

    Vulnerability from variot - Updated: 2026-03-09 22:04

    The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users.


    Gentoo Linux Security Advisory GLSA 201607-15


                                           https://security.gentoo.org/
    

    Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15


    Synopsis

    Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8

    Description

    Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

    Resolution

    All NTP users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

    References

    [ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201607-15

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    .

    Release Date: 2016-09-21 Last Updated: 2016-09-21

    Potential Security Impact: Multiple Remote Vulnerabilities

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.

    References:

    • CVE-2015-7704
    • CVE-2015-7705
    • CVE-2015-7855
    • CVE-2015-7871
    • PSRT110228
    • SSRT102943

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2015-7704
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7705
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7855
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7871
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.

    COMWARE 7 Products

    • 12500 (Comware 7) - Version: R7377
      • HP Network Products
      • JC072B HP 12500 Main Processing Unit
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
      • JG497A HP 12500 MPU w/Comware V7 OS
      • JG782A HP FF 12508E AC Switch Chassis
      • JG783A HP FF 12508E DC Switch Chassis
      • JG784A HP FF 12518E AC Switch Chassis
      • JG785A HP FF 12518E DC Switch Chassis
      • JG802A HP FF 12500E MPU
    • 10500 (Comware 7) - Version: R7178
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC748A HP 10512 Switch Chassis
      • JG608A HP FlexFabric 11908-V Switch Chassis
      • JG609A HP FlexFabric 11900 Main Processing Unit
      • JG820A HP 10504 TAA Switch Chassis
      • JG821A HP 10508 TAA Switch Chassis
      • JG822A HP 10508-V TAA Switch Chassis
      • JG823A HP 10512 TAA Switch Chassis
      • JG496A HP 10500 Type A MPU w/Comware v7 OS
      • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
      • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • 12900 (Comware 7) - Version: R1138P03
      • HP Network Products
      • JG619A HP FlexFabric 12910 Switch AC Chassis
      • JG621A HP FlexFabric 12910 Main Processing Unit
      • JG632A HP FlexFabric 12916 Switch AC Chassis
      • JG634A HP FlexFabric 12916 Main Processing Unit
      • JH104A HP FlexFabric 12900E Main Processing Unit
      • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      • JH263A HP FlexFabric 12904E Main Processing Unit
      • JH255A HP FlexFabric 12908E Switch Chassis
      • JH262A HP FlexFabric 12904E Switch Chassis
      • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      • JH103A HP FlexFabric 12916E Switch Chassis
    • 5900 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JC772A HP 5900AF-48XG-4QSFP+ Switch
      • JG296A HP 5920AF-24XG Switch
      • JG336A HP 5900AF-48XGT-4QSFP+ Switch
      • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      • JG555A HP 5920AF-24XG TAA Switch
      • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • MSR1000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG875A HP MSR1002-4 AC Router
      • JH060A HP MSR1003-8S AC Router
    • MSR2000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG411A HP MSR2003 AC Router
      • JG734A HP MSR2004-24 AC Router
      • JG735A HP MSR2004-48 Router
      • JG866A HP MSR2003 TAA-compliant AC Router
    • MSR3000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG404A HP MSR3064 Router
      • JG405A HP MSR3044 Router
      • JG406A HP MSR3024 AC Router
      • JG407A HP MSR3024 DC Router
      • JG408A HP MSR3024 PoE Router
      • JG409A HP MSR3012 AC Router
      • JG410A HP MSR3012 DC Router
      • JG861A HP MSR3024 TAA-compliant AC Router
    • MSR4000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG402A HP MSR4080 Router Chassis
      • JG403A HP MSR4060 Router Chassis
      • JG412A HP MSR4000 MPU-100 Main Processing Unit
      • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • VSR (Comware 7) - Version: E0322
      • HP Network Products
      • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • 7900 (Comware 7) - Version: R2138P03
      • HP Network Products
      • JG682A HP FlexFabric 7904 Switch Chassis
      • JG841A HP FlexFabric 7910 Switch Chassis
      • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • 5130 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG932A HP 5130-24G-4SFP+ EI Switch
      • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      • JG934A HP 5130-48G-4SFP+ EI Switch
      • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • 5700 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • 5930 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG726A HP FlexFabric 5930 32QSFP+ Switch
      • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      • JH179A HP FlexFabric 5930 4-slot Switch
      • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • HSR6600 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
    • HSR6800 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
      • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
    • 1950 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG960A HP 1950-24G-4XG Switch
      • JG961A HP 1950-48G-2SFP+-2XGT Switch
      • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • 7500 (Comware 7) - Version: R7178
      • HP Network Products
      • JD238C HP 7510 Switch Chassis
      • JD239C HP 7506 Switch Chassis
      • JD240C HP 7503 Switch Chassis
      • JD242C HP 7502 Switch Chassis
      • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
      • JH208A HP 7502 Main Processing Unit
      • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • 5130HI - Version: R1118P02
      • HP Network Products
      • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
      • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
      • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
      • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • 5510HI - Version: R1118P02
      • HP Network Products
      • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
      • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
      • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
      • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
      • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch

    Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

    HISTORY Version:1 (rev.1) - 21 September 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project

    Topic: Multiple vulnerabilities of ntp

    Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.

    I.

    II. Problem Description

    Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected. [CVE-2015-7855]

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]

    A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]

    If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.

    If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

    If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration

    An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]

    The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

    III. Impact

    An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]

    An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]

    An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]

    An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]

    IV. Workaround

    No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    The ntpd service has to be restarted after the update. A reboot is recommended but not required.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    The ntpd service has to be restarted after the update. A reboot is recommended but not required.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 10.2]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2

    bunzip2 ntp-102.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc

    gpg --verify ntp-102.patch.asc

    [FreeBSD 10.1]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2

    bunzip2 ntp-101.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc

    gpg --verify ntp-101.patch.asc

    [FreeBSD 9.3]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2

    bunzip2 ntp-93.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc

    gpg --verify ntp-93.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    find contrib/ntp -type f -empty -delete

    c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.

    d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.

    Restart the ntpd(8) daemon, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN

    VII. References

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871

    The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015

    ntp vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 15.10
    • Ubuntu 15.04
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in NTP. (CVE-2015-5146)

    Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)

    Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)

    Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)

    Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

    It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. (CVE-2015-7704, CVE-2015-7705)

    Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)

    Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)

    Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)

    John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)

    Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)

    In the default installation, attackers would be isolated by the NTP AppArmor profile.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1

    Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2

    Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

    Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871

    Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 .

    On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.

    Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.

    CVE-2015-5194

    It was found that ntpd could crash due to an uninitialized
    variable when processing malformed logconfig configuration
    commands.
    

    CVE-2015-5195

    It was found that ntpd exits with a segmentation fault when a
    statistics type that was not enabled during compilation (e.g. 
    timingstats) is referenced by the statistics or filegen
    configuration command
    

    CVE-2015-5219

    It was discovered that sntp program would hang in an infinite loop
    when a crafted NTP packet was received, related to the conversion
    of the precision value in the packet to double.
    

    CVE-2015-5300

    It was found that ntpd did not correctly implement the -g option:
    
    Normally, ntpd exits with a message to the system log if the offset
    exceeds the panic threshold, which is 1000 s by default. This
    option allows the time to be set to any value without restriction;
    however, this can happen only once. If the threshold is exceeded
    after that, ntpd will exit with a message to the system log. This
    option can be used with the -q and -x options.
    
    ntpd could actually step the clock multiple times by more than the
    panic threshold if its clock discipline doesn't have enough time to
    reach the sync state and stay there for at least one update. If a
    man-in-the-middle attacker can control the NTP traffic since ntpd
    was started (or maybe up to 15-30 minutes after that), they can
    prevent the client from reaching the sync state and force it to step
    its clock by any amount any number of times, which can be used by
    attackers to expire certificates, etc.
    
    This is contrary to what the documentation says. Normally, the
    assumption is that an MITM attacker can step the clock more than the
    panic threshold only once when ntpd starts and to make a larger
    adjustment the attacker has to divide it into multiple smaller
    steps, each taking 15 minutes, which is slow.
    

    CVE-2015-7701

    A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
    

    CVE-2015-7703

    Miroslav Lichvar of Red Hat found that the :config command can be
    used to set the pidfile and driftfile paths without any
    restrictions. A remote attacker could use this flaw to overwrite a
    file on the file system with a file containing the pid of the ntpd
    process (immediately) or the current estimated drift of the system
    clock (in hourly intervals). For example:
    
    ntpq -c ':config pidfile /tmp/ntp.pid'
    ntpq -c ':config driftfile /tmp/ntp.drift'
    
    In Debian ntpd is configured to drop root privileges, which limits
    the impact of this issue.
    

    CVE-2015-7704

    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
    from the server to reduce its polling rate, it doesn't check if the
    originate timestamp in the reply matches the transmit timestamp from
    its request. An off-path attacker can send a crafted KoD packet to
    the client, which will increase the client's polling interval to a
    large value and effectively disable synchronization with the server. A
    specially crafted configuration file could cause an endless loop
    resulting in a denial of service.
    

    CVE-2015-7852

    A potential off by one vulnerability exists in the cookedprint
    functionality of ntpq. A specially crafted buffer could cause a
    buffer overflow potentially resulting in null byte being written out
    of bounds.
    

    CVE-2015-7871

    An error handling logic error exists within ntpd that manifests due
    to improper error condition handling associated with certain
    crypto-NAK packets. An unauthenticated, off-path attacker can force
    ntpd processes on targeted servers to peer with time sources of the
    attacker's choosing by transmitting symmetric active crypto-NAK
    packets to ntpd.
    

    For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

    For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.

    For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    We recommend that you upgrade your ntp packages.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz

    Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz

    Then, restart the NTP daemon:

    sh /etc/rc.d/rc.ntpd restart

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "tim 4r-ie dnp3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "oncommand balance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "oncommand performance manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.0"
          },
          {
            "_id": null,
            "model": "data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "tim 4r-ie",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "oncommand unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ntp",
            "version": "4.3.70"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.2.8p4  less than  4.2.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.3.77  less than  4.3.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.66"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.74"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.68"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.69"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.72"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.73"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.75"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.76"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.71"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.16"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.14.5"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "59000"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.25"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "4.2.8p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.8p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p366",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p111",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p11",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.5p186",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "junos os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.4.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.50"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.2"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.3.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.6"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.5"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.4"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.2.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.9"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.8"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.3"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.1"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.1.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.13"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.12"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.11"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2.0.10"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.4"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.2"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.00"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "ds8800",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "86.31.167.0"
          },
          {
            "_id": null,
            "model": "ds8800",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ds8700",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.51.14.x"
          },
          {
            "_id": null,
            "model": "ds8700",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "87.41.17.x"
          },
          {
            "_id": null,
            "model": "ds8700",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "76.31.143.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.16"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.75"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.68"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.126"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.10"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.9"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.8"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.7"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.4.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.3.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2.15"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.1.16"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.9.5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.7"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.6"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.8.15"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.7.16"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.12.9"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.12"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.11"
          },
          {
            "_id": null,
            "model": "vsr1008 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "vsr1004 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "vsr1001 virtual services router day evaluation software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "600"
          },
          {
            "_id": null,
            "model": "vsr1001 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "msr4080 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4060 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 taa-compliant mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3064 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3044 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 poe router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3012 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3012 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2004-48 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2004-24 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2003 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2003 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1003-8s ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1002-4 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6808 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6804 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6802 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x3 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router taa-compliant main processing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-g taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-g router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 5900cp 48xg 4qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12916e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric 12908e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12904e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12904e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12900e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11908-v0"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "119000"
          },
          {
            "_id": null,
            "model": "ff 5900cp-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12518e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12518e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12508e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12508e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12500e mpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "a12518 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "a12508 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75100"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75060"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75030"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "5920af-24xg taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5920af-24xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xgt-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af 48xgt 4qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af 48g 4xg 2qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g sfp 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-sfp-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-24g-4xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-24g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "12500v70"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125000"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "type d taa-compliant with comware os main processing un",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "type d main processing unit with comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "type a mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "9.3-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p25",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p24",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p22",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p21",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p10",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta3-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "10.2-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-beta2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-beta2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "10.1-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-releng",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p19",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p17",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p16",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-beta3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "summit wm3000 series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "0"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.1.2"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.4"
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.38"
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.31"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.6.4"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.1"
          },
          {
            "_id": null,
            "model": "extremexos 15.4.1.3-patch1-10",
            "scope": null,
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": null
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.4.1.0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.9.0"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "590015.6.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "4.2.8p4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3.14.0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.37.00"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.5.1000"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.7.03.00"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.1000"
          },
          {
            "_id": null,
            "model": "9.3-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p29",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-release-p6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p23",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "21.1.1"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "77283"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "John D \"Doug\" Birdwell of IDA.org.",
        "sources": [
          {
            "db": "BID",
            "id": "77283"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7855",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2015-7855",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-7855",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-7855",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7855",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7855",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-575",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7855",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. \nA remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: July 20, 2016\n     Bugs: #563774, #572452, #581528, #584954\n       ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                \u003c 4.2.8_p8               \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-7691\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[  2 ] CVE-2015-7692\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[  3 ] CVE-2015-7701\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[  4 ] CVE-2015-7702\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[  5 ] CVE-2015-7703\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[  6 ] CVE-2015-7704\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[  7 ] CVE-2015-7705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[  8 ] CVE-2015-7848\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[  9 ] CVE-2015-7849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n  - CVE-2015-7704\n  - CVE-2015-7705\n  - CVE-2015-7855\n  - CVE-2015-7871\n  - PSRT110228\n  - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n  - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-7704\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7705\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7855\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7871\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P03**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P03**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5130HI - Version: R1118P02**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n  + **5510HI - Version: R1118P02**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple vulnerabilities of ntp\n\nCategory:       contrib\nModule:         ntp\nAnnounced:      2015-10-26\nCredits:        Network Time Foundation\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n                2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n                2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n                2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n                2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name:       CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n                CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n                CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n                CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. \n\nII.  Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851].  The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile.  Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848].  The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701].  The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196].  The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702].  The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV.  Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected.  Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r289998\nreleng/9.3/                                                       r290001\nstable/10/                                                        r289997\nreleng/10.1/                                                      r290000\nreleng/10.2/                                                      r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2783-1\n  CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n  CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n  CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n  CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n  CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\nCVE-2015-5194\n\n    It was found that ntpd could crash due to an uninitialized\n    variable when processing malformed logconfig configuration\n    commands. \n\nCVE-2015-5195\n\n    It was found that ntpd exits with a segmentation fault when a\n    statistics type that was not enabled during compilation (e.g. \n    timingstats) is referenced by the statistics or filegen\n    configuration command\n\nCVE-2015-5219\n\n    It was discovered that sntp program would hang in an infinite loop\n    when a crafted NTP packet was received, related to the conversion\n    of the precision value in the packet to double. \n\nCVE-2015-5300\n\n    It was found that ntpd did not correctly implement the -g option:\n\n    Normally, ntpd exits with a message to the system log if the offset\n    exceeds the panic threshold, which is 1000 s by default. This\n    option allows the time to be set to any value without restriction;\n    however, this can happen only once. If the threshold is exceeded\n    after that, ntpd will exit with a message to the system log. This\n    option can be used with the -q and -x options. \n\n    ntpd could actually step the clock multiple times by more than the\n    panic threshold if its clock discipline doesn\u0027t have enough time to\n    reach the sync state and stay there for at least one update. If a\n    man-in-the-middle attacker can control the NTP traffic since ntpd\n    was started (or maybe up to 15-30 minutes after that), they can\n    prevent the client from reaching the sync state and force it to step\n    its clock by any amount any number of times, which can be used by\n    attackers to expire certificates, etc. \n\n    This is contrary to what the documentation says. Normally, the\n    assumption is that an MITM attacker can step the clock more than the\n    panic threshold only once when ntpd starts and to make a larger\n    adjustment the attacker has to divide it into multiple smaller\n    steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7701\n\n    A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n    Miroslav Lichvar of Red Hat found that the :config command can be\n    used to set the pidfile and driftfile paths without any\n    restrictions. A remote attacker could use this flaw to overwrite a\n    file on the file system with a file containing the pid of the ntpd\n    process (immediately) or the current estimated drift of the system\n    clock (in hourly intervals). For example:\n\n    ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n    ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n    In Debian ntpd is configured to drop root privileges, which limits\n    the impact of this issue. \n\nCVE-2015-7704\n\n    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n    from the server to reduce its polling rate, it doesn\u0027t check if the\n    originate timestamp in the reply matches the transmit timestamp from\n    its request. An off-path attacker can send a crafted KoD packet to\n    the client, which will increase the client\u0027s polling interval to a\n    large value and effectively disable synchronization with the server. A\n    specially crafted configuration file could cause an endless loop\n    resulting in a denial of service. \n\nCVE-2015-7852\n\n    A potential off by one vulnerability exists in the cookedprint\n    functionality of ntpq. A specially crafted buffer could cause a\n    buffer overflow potentially resulting in null byte being written out\n    of bounds. \n\nCVE-2015-7871\n\n    An error handling logic error exists within ntpd that manifests due\n    to improper error condition handling associated with certain\n    crypto-NAK packets. An unauthenticated, off-path attacker can force\n    ntpd processes on targeted servers to peer with time sources of the\n    attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n    packets to ntpd. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz:  Upgraded. \n  In addition to bug fixes and enhancements, this release fixes\n  several low and medium severity vulnerabilities. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd  ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263  ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288  ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05  ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30  ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94  ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b  ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709  ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614  ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41  ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed  n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9  n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "BID",
            "id": "77283"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40840",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7855",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "77283",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1033951",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-497656",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-103-11",
            "trust": 1.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "40840",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU96269392",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575",
            "trust": 0.6
          },
          {
            "db": "JUNIPER",
            "id": "JSA10711",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-094-04",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-356-01",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7855",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134082",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134034",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          },
          {
            "db": "BID",
            "id": "77283"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "id": "VAR-201708-0038",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.20833333
      },
      "last_update_date": "2026-03-09T22:04:39.944000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Bug\u00a01274264",
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
          },
          {
            "title": "NTP Remediation measures for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119785"
          },
          {
            "title": "Red Hat: CVE-2015-7855",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-7855"
          },
          {
            "title": "Ubuntu Security Notice: ntp vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2783-1"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a"
          },
          {
            "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305"
          },
          {
            "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          },
          {
            "title": "afl-cve",
            "trust": 0.1,
            "url": "https://github.com/mrash/afl-cve "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/40840/"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/77283"
          },
          {
            "trust": 1.7,
            "url": "http://support.ntp.org/bin/view/main/ntpbug2922"
          },
          {
            "trust": 1.7,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1033951"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96269392/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
          },
          {
            "trust": 0.4,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
          },
          {
            "trust": 0.4,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295"
          },
          {
            "trust": 0.3,
            "url": "http://www.ntp.org"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
          },
          {
            "trust": 0.3,
            "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/oct/113"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41659"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2783-1/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.1,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/."
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-2783-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html"
          },
          {
            "trust": 0.1,
            "url": "http://gpgtools.org"
          },
          {
            "trust": 0.1,
            "url": "http://talosintel.com/vulnerability-reports/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855"
          },
          {
            "db": "BID",
            "id": "77283"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7855",
            "ident": null
          },
          {
            "db": "BID",
            "id": "77283",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134082",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134034",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7855",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7855",
            "ident": null
          },
          {
            "date": "2015-10-21T00:00:00",
            "db": "BID",
            "id": "77283",
            "ident": null
          },
          {
            "date": "2016-07-21T15:56:23",
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "date": "2016-09-21T17:24:00",
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "date": "2015-10-26T19:32:22",
            "db": "PACKETSTORM",
            "id": "134082",
            "ident": null
          },
          {
            "date": "2015-10-27T23:30:50",
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "date": "2015-10-21T19:22:22",
            "db": "PACKETSTORM",
            "id": "134034",
            "ident": null
          },
          {
            "date": "2015-11-02T16:48:39",
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "date": "2015-10-30T23:22:57",
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "date": "2015-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-575",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007707",
            "ident": null
          },
          {
            "date": "2017-08-07T20:29:00.950000",
            "db": "NVD",
            "id": "CVE-2015-7855",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7855",
            "ident": null
          },
          {
            "date": "2017-05-23T16:24:00",
            "db": "BID",
            "id": "77283",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-575",
            "ident": null
          },
          {
            "date": "2021-04-16T08:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007707",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7855",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134034"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "NTP\u00a0 Input confirmation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007707"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-575"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202012-1278

    Vulnerability from variot - Updated: 2026-03-09 22:04

    curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

    https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/

    Security fixes:

    • redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)

    • console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)

    • console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

    Bug fixes:

    • RHACM 2.2.4 images (BZ# 1957254)

    • Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)

    • ACM Operator should support using the default route TLS (BZ# 1955270)

    • The scrolling bar for search filter does not work properly (BZ# 1956852)

    • Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)

    • The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)

    • Unable to make SSH connection to a Bitbucket server (BZ# 1966513)

    • Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 =====================================================================

    1. Summary:

    Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    • curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)

    • httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)

    • libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)

    • curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)

    • curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)

    • curl: Inferior OCSP verification (CVE-2020-8286)

    • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

    • curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link for the update. You must be logged in to download the update.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request

    1. References:

    https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


    1. Gentoo Linux Security Advisory GLSA 202012-14

                                            https://security.gentoo.org/
    

    Severity: Normal Title: cURL: Multiple vulnerabilities Date: December 23, 2020 Bugs: #737990, #759259 ID: 202012-14


    Synopsis

    Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

     -------------------------------------------------------------------
      Package              /     Vulnerable     /            Unaffected
     -------------------------------------------------------------------
    

    1 net-misc/curl < 7.74.0 >= 7.74.0

    Description

    Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All cURL users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.74.0"

    References

    [ 1 ] CVE-2020-8231 https://nvd.nist.gov/vuln/detail/CVE-2020-8231 [ 2 ] CVE-2020-8284 https://nvd.nist.gov/vuln/detail/CVE-2020-8284 [ 3 ] CVE-2020-8285 https://nvd.nist.gov/vuln/detail/CVE-2020-8285 [ 4 ] CVE-2020-8286 https://nvd.nist.gov/vuln/detail/CVE-2020-8286

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202012-14

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2021-04-26-2 macOS Big Sur 11.3

    macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.

    APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications

    AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza

    Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab

    Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher

    Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

    CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher

    CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

    CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

    CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest

    CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University

    CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

    curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher

    curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

    DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher

    FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook

    FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360

    Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

    Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga

    Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)

    Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro

    Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing

    Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr

    Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

    Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr

    Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett

    libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins

    libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz

    Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing

    Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd

    NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome

    Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

    Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago

    Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS

    SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications

    smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

    System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher

    tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher

    Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher

    WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA

    WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab

    Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing

    Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher

    Installation note:

    This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----

    . ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 ESM
    • Ubuntu 12.04 ESM

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284)

    It was discovered that curl incorrectly handled FTP wildcard matchins. (CVE-2020-8285)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6

    Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202012-1278",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "model": "hci storage node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "libcurl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.21.0"
          },
          {
            "model": "essbase",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "21.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.3"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "model": "libcurl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.74.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "hci bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "model": "communications cloud native core policy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.14.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2020-8285",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-8285",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-186410",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8285",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8285",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202012-756",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186410",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8285",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl\u0027s FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there\u0027s a sufficient amount of file entries and if the callback returns \"skip\" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID:       RHSA-2021:2471-01\nProduct:           Red Hat JBoss Core Services\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2471\nIssue date:        2021-06-17\nCVE Names:         CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n                   CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202012-14\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: Normal\n     Title: cURL: Multiple vulnerabilities\n      Date: December 23, 2020\n      Bugs: #737990, #759259\n        ID: 202012-14\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in information disclosure or data loss. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  net-misc/curl                \u003c 7.74.0                  \u003e= 7.74.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.74.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8231\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8231\n[ 2 ] CVE-2020-8284\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8284\n[ 3 ] CVE-2020-8285\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8285\n[ 4 ] CVE-2020-8286\n       https://nvd.nist.gov/vuln/detail/CVE-2020-8286\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-14\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and  Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4665-2\nDecember 09, 2020\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-4665-1 fixed several vulnerabilities in curl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV\n responses. An attacker could possibly use this issue to trick curl into\n connecting to an arbitrary IP address and be used to perform port scanner\n and other information gathering. (CVE-2020-8284)\n\n It was discovered that curl incorrectly handled FTP wildcard matchins. (CVE-2020-8285)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  curl                            7.35.0-1ubuntu2.20+esm6\n  libcurl3                        7.35.0-1ubuntu2.20+esm6\n  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm6\n  libcurl3-nss                    7.35.0-1ubuntu2.20+esm6\n\nUbuntu 12.04 ESM:\n  curl                            7.22.0-3ubuntu4.29\n  libcurl3                        7.22.0-3ubuntu4.29\n  libcurl3-gnutls                 7.22.0-3ubuntu4.29\n  libcurl3-nss                    7.22.0-3ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "162360"
          },
          {
            "db": "PACKETSTORM",
            "id": "160706"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          }
        ],
        "trust": 1.71
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-186410",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8285",
            "trust": 2.5
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.7
          },
          {
            "db": "HACKERONE",
            "id": "1045844",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "160706",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162358",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "160436",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "163267",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163496",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "160423",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "163276",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "162629",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2180",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4343",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0319",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4364",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1700",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4534",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1866",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0634",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2471",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2657",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2365",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1409.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3141",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2711",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4506",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4058",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3146",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1841",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2228",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1114",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042704",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021071516",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072050",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021051406",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062315",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021092220",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021072112",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031104",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052026",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021062703",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164192",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "163197",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "163193",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162360",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "162362",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163257",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-186410",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8285",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163188",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "162360"
          },
          {
            "db": "PACKETSTORM",
            "id": "160706"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "id": "VAR-202012-1278",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:04:04.260000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8285: FTP wildcard stack overflow",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f796e96235f578fd40fb69123bab0e97"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8285 log"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1693",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1693"
          },
          {
            "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-674",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/202012-14"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212325"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212326"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212327"
          },
          {
            "trust": 1.7,
            "url": "https://www.debian.org/security/2021/dsa-4881"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2021/apr/51"
          },
          {
            "trust": 1.7,
            "url": "https://curl.se/docs/cve-2020-8285.html"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/curl/curl/issues/6255"
          },
          {
            "trust": 1.7,
            "url": "https://hackerone.com/reports/1045844"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2020-8285"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0634"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1700"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libcurl-denial-of-service-via-ftp-wildcard-34067"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1841"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4343/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
          },
          {
            "trust": 0.6,
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052026"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072050"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4534/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4364/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021072112"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520474"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht212327"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4506/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2471"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021051406"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-8286"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-8284"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22901"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22890"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31618"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8169"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28196"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21639"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28165"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28092"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25037"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-3842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24977"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27219"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28935"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28163"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25034"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25035"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25038"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21309"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21640"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3501"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25041"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25036"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27619"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27170"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25215"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24331"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25692"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-2708"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23336"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3347"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24332"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12364"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2461"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2471"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2472"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212326."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212325."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4665-1"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4665-2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "162360"
          },
          {
            "db": "PACKETSTORM",
            "id": "160706"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "162360"
          },
          {
            "db": "PACKETSTORM",
            "id": "160706"
          },
          {
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "date": "2020-12-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "date": "2021-06-17T17:53:22",
            "db": "PACKETSTORM",
            "id": "163188"
          },
          {
            "date": "2021-06-17T18:01:23",
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "date": "2021-06-17T18:09:26",
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "date": "2021-04-28T14:58:36",
            "db": "PACKETSTORM",
            "id": "162360"
          },
          {
            "date": "2020-12-24T17:16:22",
            "db": "PACKETSTORM",
            "id": "160706"
          },
          {
            "date": "2021-04-28T14:55:56",
            "db": "PACKETSTORM",
            "id": "162358"
          },
          {
            "date": "2020-12-10T16:02:10",
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "date": "2020-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "date": "2020-12-14T20:15:13.983000",
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186410"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8285"
          },
          {
            "date": "2023-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          },
          {
            "date": "2024-11-21T05:38:39.410000",
            "db": "NVD",
            "id": "CVE-2020-8285"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HAXX libcurl Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202012-756"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0906

    Vulnerability from variot - Updated: 2026-03-09 22:00

    valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-03


                                           https://security.gentoo.org/
    

    Severity: High Title: libxml2: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #833809, #842261, #865727 ID: 202210-03


    Synopsis

    Multiple vulnerabilities have been discovered in libxml2, the worst of which could result in arbitrary code execution.

    Background

    libxml2 is the XML C parser and toolkit developed for the GNOME project.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/libxml2 < 2.10.2 >= 2.10.2

    Description

    Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All libxml2 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.10.2"

    References

    [ 1 ] CVE-2022-23308 https://nvd.nist.gov/vuln/detail/CVE-2022-23308 [ 2 ] CVE-2022-29824 https://nvd.nist.gov/vuln/detail/CVE-2022-29824

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202210-03

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5

    iOS 15.5 and iPadOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213258.

    AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher

    AppleGraphicsControl Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

    AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher

    DriverKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)

    GPU Drivers Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher

    ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

    IOKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

    IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher

    IOSurfaceAccelerator Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher

    Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)

    Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero

    Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)

    Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)

    LaunchServices Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)

    libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308

    Notes Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a large input may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal

    Safari Private Browsing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher

    Security Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)

    Shortcuts Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: An authorization issue was addressed with improved state management. CVE-2022-26703: Salman Syed (@slmnsd551)

    WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki

    WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori

    WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech

    WebRTC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher

    Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher

    Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team

    Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2015-4142: Kostya Kortchinsky of Google Security Team

    Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval

    Additional recognition

    AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

    FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

    WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.

    Wi-Fi We would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for their assistance.

    This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.5 and iPadOS 15.5". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p rhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6 xOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt EoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV TpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/ XWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8 YMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj +1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc 1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2 mp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT EwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx WIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk= =OMfW -----END PGP SIGNATURE-----

    . Summary:

    An update for libxml2 is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:

    Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    • libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The desktop must be restarted (log out, then log back in) for this update to take effect. Package List:

    Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Description:

    Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

    2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

    1. Description:

    This release adds the new Apache HTTP Server 2.4.37 Service Pack 11 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Bugs fixed (https://bugzilla.redhat.com/):

    1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms 1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c 1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c 1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c 1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode 2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes Advisory ID: RHSA-2022:1081-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:1081 Issue date: 2022-03-28 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3521 CVE-2021-3580 CVE-2021-3712 CVE-2021-3800 CVE-2021-3999 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23177 CVE-2021-28153 CVE-2021-31566 CVE-2021-33560 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-42574 CVE-2021-43565 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23806 CVE-2022-24407 ==================================================================== 1. Summary:

    Gatekeeper Operator v0.2

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Gatekeeper Operator v0.2

    Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.

    This advisory contains the container images for Gatekeeper that include security updates, and container upgrades.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:

      • Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has installPlanApproval set to Automatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for installPlanApproval to manual, then you must view each cluster to manually approve the upgrade to the operator.
      • Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.

    Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. ========================================================================== Ubuntu Security Notice USN-5324-1 March 14, 2022

    libxml2 vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.10
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    libxml2 could be made to crash or run programs if it opened a specially crafted file. An attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.10: libxml2 2.9.12+dfsg-4ubuntu0.1 libxml2-utils 2.9.12+dfsg-4ubuntu0.1

    Ubuntu 20.04 LTS: libxml2 2.9.10+dfsg-5ubuntu0.20.04.2 libxml2-utils 2.9.10+dfsg-5ubuntu0.20.04.2

    Ubuntu 18.04 LTS: libxml2 2.9.4+dfsg1-6.1ubuntu1.5 libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.5

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "manageability software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.4"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "solidfire \\\u0026 hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "libxml2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "xmlsoft",
            "version": "2.9.13"
          },
          {
            "_id": null,
            "model": "snapdrive",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ipados",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.5"
          },
          {
            "_id": null,
            "model": "communications cloud native core binding support function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.0"
          },
          {
            "_id": null,
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "communications cloud native core network slice selection function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.1"
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.2"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "smi-s provider",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "watchos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.6.6"
          },
          {
            "_id": null,
            "model": "tvos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.5"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql workbench",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.29"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "iphone os",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "15.5"
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.0"
          },
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core unified data repository",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "snapmanager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "166327"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166805"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2022-23308",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-23308",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-412332",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23308",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23308",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-23308",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1722",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-412332",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23308",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202210-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: libxml2: Multiple Vulnerabilities\n     Date: October 16, 2022\n     Bugs: #833809, #842261, #865727\n       ID: 202210-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in libxml2, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n==========\n\nlibxml2 is the XML C parser and toolkit developed for the GNOME project. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/libxml2           \u003c 2.10.2                    \u003e= 2.10.2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.10.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-23308\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23308\n[ 2 ] CVE-2022-29824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29824\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5\n\niOS 15.5 and iPadOS 15.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213258. \n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26702: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAVEVideoEncoder\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nDriverKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGPU Drivers\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nIOKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26771: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nNotes\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a large input may lead to a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-22673: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain\nCollege Of Technology Bhopal\n\nSafari Private Browsing\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-26703: Salman Syed (@slmnsd551)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26760: 08Tc3wBB of ZecOps Mobile EDR Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2015-4142: Kostya Kortchinsky of Google Security Team\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge 08Tc3wBB of ZecOps Mobile EDR Team for\ntheir assistance. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/  iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device.  The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device.  To\ncheck that the iPhone, iPod touch, or iPad has been updated:  *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.5 and iPadOS 15.5\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TQACgkQeC9qKD1p\nrhh9PRAApeuHnWvZRxSW/QArItDF2fA1eXCu7n9BwPA6CoqrU7v7aR6H/NQ3wes6\nxOjoRccHRCWRJ12RubM06ggC+WA/MLb96t2Wc4IUoFDkI3G6fp/I3aHpSONv4YMt\nEoHSGMpJ3qAb6Z60mIMcshsCtyv9k4LxpjOTnHKRLp/M4JLWG4CanOGpN2u/wPPV\nTpRY4jkZlAdvQK3qrPmA8aO5sWnbh5l//kUS6IL649seZQFUeZdz7QUyodjjqr2/\nXWyqsQC4mqVphxwvWDWA5J6/Zf7C7hNdZ1BE+SPpLhjEZlU6IYBFY2PLrg9NDTv8\nYMZpftlm5HQo3qmy/HLoiF8bIqgtdz+TpgNiT+TYz9+/pvP/hyGbX6xF9esKBVjj\n+1OUnd2GaLjSdY7o9WOtZgSJQxi1/R1X1+DjY1vI+d/TQZ+Sz58Me90R99aWc+Gc\n1B8e6FhjwT48rHJiuIw75ZW1orpUX6OL5vqdge0H1aJXm7EEUhByZvm2E2DajKu2\nmp2jr01UZyb3ro0qE1zpNitNORWAdvrlriIJxFVxtxW4MygMn8ThJ/Jz2LjquHvT\nEwvCyB9jaqPKja3b/dwzf/nowjw+aocxOjelW2Q/HcyR13YF2ZHd1+hNtG/7Isrx\nWIpI9nNAQQ2LCQIgL7/xCn6Yni9t3le3+eU+cdafoqJKTpETNbk=\n=OMfW\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. Package List:\n\nRed Hat Enterprise Linux AppStream (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 11\npackages that are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache\nHTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. \nRefer to the Release Notes for information on the most significant bug\nfixes and enhancements included in this release. Bugs fixed (https://bugzilla.redhat.com/):\n\n1950515 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms\n1954225 - CVE-2021-3516 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c\n1954232 - CVE-2021-3517 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c\n1954242 - CVE-2021-3518 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c\n1956522 - CVE-2021-3537 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode\n2056913 - CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064321 - CVE-2022-22720 httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: Gatekeeper Operator v0.2 security updates and bug fixes\nAdvisory ID:       RHSA-2022:1081-01\nProduct:           Red Hat ACM\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1081\nIssue date:        2022-03-28\nCVE Names:         CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n                   CVE-2019-19603 CVE-2019-20838 CVE-2020-12762\n                   CVE-2020-13435 CVE-2020-14155 CVE-2020-16135\n                   CVE-2020-24370 CVE-2021-3200 CVE-2021-3445\n                   CVE-2021-3521 CVE-2021-3580 CVE-2021-3712\n                   CVE-2021-3800 CVE-2021-3999 CVE-2021-20231\n                   CVE-2021-20232 CVE-2021-22876 CVE-2021-22898\n                   CVE-2021-22925 CVE-2021-23177 CVE-2021-28153\n                   CVE-2021-31566 CVE-2021-33560 CVE-2021-36084\n                   CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n                   CVE-2021-42574 CVE-2021-43565 CVE-2022-23218\n                   CVE-2022-23219 CVE-2022-23308 CVE-2022-23806\n                   CVE-2022-24407\n====================================================================\n1. Summary:\n\nGatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. ==========================================================================\nUbuntu Security Notice USN-5324-1\nMarch 14, 2022\n\nlibxml2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nlibxml2 could be made to crash or run programs if it opened a specially\ncrafted file. An\nattacker could use this issue to cause libxml2 to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n  libxml2                         2.9.12+dfsg-4ubuntu0.1\n  libxml2-utils                   2.9.12+dfsg-4ubuntu0.1\n\nUbuntu 20.04 LTS:\n  libxml2                         2.9.10+dfsg-5ubuntu0.20.04.2\n  libxml2-utils                   2.9.10+dfsg-5ubuntu0.20.04.2\n\nUbuntu 18.04 LTS:\n  libxml2                         2.9.4+dfsg1-6.1ubuntu1.5\n  libxml2-utils                   2.9.4+dfsg1-6.1ubuntu1.5\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          },
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308"
          },
          {
            "db": "PACKETSTORM",
            "id": "168719"
          },
          {
            "db": "PACKETSTORM",
            "id": "167185"
          },
          {
            "db": "PACKETSTORM",
            "id": "166327"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166805"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "166304"
          }
        ],
        "trust": 1.71
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-412332",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23308",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "168719",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166304",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "166327",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "167008",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167194",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2569",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1263",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0927",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1051",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2411",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4099",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1073",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.5782",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3672",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166803",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051708",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031503",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051713",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042138",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072710",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072053",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032843",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072640",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022041523",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051839",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051326",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022030110",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031620",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022031525",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022032445",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022053128",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "167185",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166431",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166433",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167188",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167189",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167184",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167193",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "167186",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-412332",
            "trust": 0.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-348-10",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166805",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166489",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308"
          },
          {
            "db": "PACKETSTORM",
            "id": "168719"
          },
          {
            "db": "PACKETSTORM",
            "id": "167185"
          },
          {
            "db": "PACKETSTORM",
            "id": "166327"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166805"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "166304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          }
        ]
      },
      "id": "VAR-202202-0906",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:00:24.071000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libxml2 Remediation of resource management error vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184325"
          },
          {
            "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2022-23308: Use-after-free of ID and IDREF attributes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9ebc8e6cd9474a4b501cffe479738815"
          },
          {
            "title": "Ubuntu Security Notice: USN-5422-1: libxml2 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5422-1"
          },
          {
            "title": "Red Hat: Moderate: libxml2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220899 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2022-1826",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1826"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-23308"
          },
          {
            "title": "Google Chrome: Long Term Support Channel Update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=d941b22c6938f31887f0b0d1ec5e74d8"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221390 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221389 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-198",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-198"
          },
          {
            "title": "Amazon Linux 2022: ALAS2022-2022-068",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-068"
          },
          {
            "title": "Google Chrome: Long Term Support  Channel Update for ChromeOS",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=e0755e202be7c03d6f4e14fbc744c5b2"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2023-1743",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2023-1743"
          },
          {
            "title": "Apple: watchOS 8.6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=6bd411659b23f6a36cfd1c59cf69e092"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
          },
          {
            "title": "Apple: iOS 15.5 and iPadOS 15.5",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f66f27c9aed3f1df2b9271d627617604"
          },
          {
            "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221081 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
          },
          {
            "title": "Apple: macOS Monterey 12.4",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-23308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/202210-03"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/gnome/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20220331-0008/"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213253"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213254"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213255"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213256"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213257"
          },
          {
            "trust": 1.8,
            "url": "https://support.apple.com/kb/ht213258"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/34"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/38"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/35"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/33"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/36"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2022/may/37"
          },
          {
            "trust": 1.8,
            "url": "https://gitlab.gnome.org/gnome/libxml2/-/blob/v2.9.13/news"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/la3mwwayzadwj5f6joubx65uzamqb7rf/"
          },
          {
            "trust": 1.0,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/la3mwwayzadwj5f6joubx65uzamqb7rf/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051713"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2569"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051839"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1051"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1073"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072053"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4099"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.5782"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166803/red-hat-security-advisory-2022-1390-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libxml2-five-vulnerabilities-37614"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166304/ubuntu-security-notice-usn-5324-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022053128"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167194/apple-security-advisory-2022-05-16-6.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051326"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23308/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072640"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051708"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042138"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022041523"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168719/gentoo-linux-security-advisory-202210-03.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022030110"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0927"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht213254"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3672"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031503"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031525"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166327/red-hat-security-advisory-2022-0899-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022031620"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/416.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5422-1"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10"
          },
          {
            "trust": 0.1,
            "url": "https://alas.aws.amazon.com/al2/alas-2022-1826.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26703"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26738"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26740"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22673"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26702"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht213258."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26737"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4142"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26745"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/itunes/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26757"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26739"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/en-us/ht201222."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0899"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25709"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1025"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1389"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3537"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3516"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3518"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3518"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1081"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.1,
            "url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.12+dfsg-4ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.5"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5324-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.10+dfsg-5ubuntu0.20.04.2"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-412332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308"
          },
          {
            "db": "PACKETSTORM",
            "id": "168719"
          },
          {
            "db": "PACKETSTORM",
            "id": "167185"
          },
          {
            "db": "PACKETSTORM",
            "id": "166327"
          },
          {
            "db": "PACKETSTORM",
            "id": "166437"
          },
          {
            "db": "PACKETSTORM",
            "id": "166805"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "166304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-412332",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23308",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168719",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "167185",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166327",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166805",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166489",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166304",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23308",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-02-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-412332",
            "ident": null
          },
          {
            "date": "2022-02-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23308",
            "ident": null
          },
          {
            "date": "2022-10-17T13:50:28",
            "db": "PACKETSTORM",
            "id": "168719",
            "ident": null
          },
          {
            "date": "2022-05-17T16:57:57",
            "db": "PACKETSTORM",
            "id": "167185",
            "ident": null
          },
          {
            "date": "2022-03-16T16:44:24",
            "db": "PACKETSTORM",
            "id": "166327",
            "ident": null
          },
          {
            "date": "2022-03-24T14:40:17",
            "db": "PACKETSTORM",
            "id": "166437",
            "ident": null
          },
          {
            "date": "2022-04-21T15:10:14",
            "db": "PACKETSTORM",
            "id": "166805",
            "ident": null
          },
          {
            "date": "2022-03-28T15:52:16",
            "db": "PACKETSTORM",
            "id": "166489",
            "ident": null
          },
          {
            "date": "2022-03-14T18:59:28",
            "db": "PACKETSTORM",
            "id": "166304",
            "ident": null
          },
          {
            "date": "2022-02-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1722",
            "ident": null
          },
          {
            "date": "2022-02-26T05:15:08.280000",
            "db": "NVD",
            "id": "CVE-2022-23308",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-11-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-412332",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23308",
            "ident": null
          },
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1722",
            "ident": null
          },
          {
            "date": "2025-05-05T17:17:56.523000",
            "db": "NVD",
            "id": "CVE-2022-23308",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "libxml2 Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1722"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202006-0222

    Vulnerability from variot - Updated: 2026-03-09 21:42

    libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. PCRE is an open source regular expression library written in C language by Philip Hazel software developer. An input validation error vulnerability exists in libpcre in versions prior to PCRE 8.44. An attacker could exploit this vulnerability to execute arbitrary code or cause an application to crash on the system with a large number of requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: OpenShift Container Platform 4.11.0 bug fix and security update Advisory ID: RHSA-2022:5069-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:5069 Issue date: 2022-08-10 CVE Names: CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-19131 CVE-2020-24370 CVE-2020-28493 CVE-2020-35492 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-3481 CVE-2021-3580 CVE-2021-3634 CVE-2021-3672 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-3737 CVE-2021-4115 CVE-2021-4156 CVE-2021-4189 CVE-2021-20095 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-23566 CVE-2021-23648 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38593 CVE-2021-40528 CVE-2021-41190 CVE-2021-41617 CVE-2021-42771 CVE-2021-43527 CVE-2021-43818 CVE-2021-44225 CVE-2021-44906 CVE-2022-0235 CVE-2022-0778 CVE-2022-1012 CVE-2022-1215 CVE-2022-1271 CVE-2022-1292 CVE-2022-1586 CVE-2022-1621 CVE-2022-1629 CVE-2022-1706 CVE-2022-1729 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24903 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-26691 CVE-2022-26945 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-28737 CVE-2022-29162 CVE-2022-29810 CVE-2022-29824 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 CVE-2022-32250 ==================================================================== 1. Summary:

    Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.

    This release includes a security update for Red Hat OpenShift Container Platform 4.11.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2022:5068

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

    Security Fix(es):

    • go-getter: command injection vulnerability (CVE-2022-26945)
    • go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
    • go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
    • go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)
    • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
    • sanitize-url: XSS (CVE-2021-23648)
    • minimist: prototype pollution (CVE-2021-44906)
    • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
    • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
    • go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
    • opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64

    The image digest is sha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4

    (For aarch64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-aarch64

    The image digest is sha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-s390x

    The image digest is sha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le

    The image digest is sha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca

    All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Solution:

    For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1817075 - MCC & MCO don't free leader leases during shut down -> 10 minutes of leader election timeouts 1822752 - cluster-version operator stops applying manifests when blocked by a precondition check 1823143 - oc adm release extract --command, --tools doesn't pull from localregistry when given a localregistry/image 1858418 - [OCPonRHV] OpenShift installer fails when Blank template is missing in oVirt/RHV 1859153 - [AWS] An IAM error occurred occasionally during the installation phase: Invalid IAM Instance Profile name 1896181 - [ovirt] install fails: due to terraform error "Cannot run VM. VM is being updated" on vm resource 1898265 - [OCP 4.5][AWS] Installation failed: error updating LB Target Group 1902307 - [vSphere] cloud labels management via cloud provider makes nodes not ready 1905850 - oc adm policy who-can failed to check the operatorcondition/status resource 1916279 - [OCPonRHV] Sometimes terraform installation fails on -failed to fetch Cluster(another terraform bug) 1917898 - [ovirt] install fails: due to terraform error "Tag not matched: expect but got " on vm resource 1918005 - [vsphere] If there are multiple port groups with the same name installation fails 1918417 - IPv6 errors after exiting crictl 1918690 - Should update the KCM resource-graph timely with the latest configure 1919980 - oVirt installer fails due to terraform error "Failed to wait for Templte(...) to become ok" 1921182 - InspectFailed: kubelet Failed to inspect image: rpc error: code = DeadlineExceeded desc = context deadline exceeded 1923536 - Image pullthrough does not pass 429 errors back to capable clients 1926975 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 1928932 - deploy/route_crd.yaml in openshift/router uses deprecated v1beta1 CRD API 1932812 - Installer uses the terraform-provider in the Installer's directory if it exists 1934304 - MemoryPressure Top Pod Consumers seems to be 2x expected value 1943937 - CatalogSource incorrect parsing validation 1944264 - [ovn] CNO should gracefully terminate OVN databases 1944851 - List of ingress routes not cleaned up when routers no longer exist - take 2 1945329 - In k8s 1.21 bump conntrack 'should drop INVALID conntrack entries' tests are disabled 1948556 - Cannot read property 'apiGroup' of undefined error viewing operator CSV 1949827 - Kubelet bound to incorrect IPs, referring to incorrect NICs in 4.5.x 1957012 - Deleting the KubeDescheduler CR does not remove the corresponding deployment or configmap 1957668 - oc login does not show link to console 1958198 - authentication operator takes too long to pick up a configuration change 1958512 - No 1.25 shown in REMOVEDINRELEASE for apis audited with k8s.io/removed-release 1.25 and k8s.io/deprecated true 1961233 - Add CI test coverage for DNS availability during upgrades 1961844 - baremetal ClusterOperator installed by CVO does not have relatedObjects 1965468 - [OSP] Delete volume snapshots based on cluster ID in their metadata 1965934 - can not get new result with "Refresh off" if click "Run queries" again 1965969 - [aws] the public hosted zone id is not correct in the destroy log, while destroying a cluster which is using BYO private hosted zone. 1968253 - GCP CSI driver can provision volume with access mode ROX 1969794 - [OSP] Document how to use image registry PVC backend with custom availability zones 1975543 - [OLM] Remove stale cruft installed by CVO in earlier releases 1976111 - [tracker] multipathd.socket is missing start conditions 1976782 - Openshift registry starts to segfault after S3 storage configuration 1977100 - Pod failed to start with message "set CPU load balancing: readdirent /proc/sys/kernel/sched_domain/cpu66/domain0: no such file or directory" 1978303 - KAS pod logs show: [SHOULD NOT HAPPEN] ...failed to convert new object...CertificateSigningRequest) to smd typed: .status.conditions: duplicate entries for key [type=\"Approved\"] 1978798 - [Network Operator] Upgrade: The configuration to enable network policy ACL logging is missing on the cluster upgraded from 4.7->4.8 1979671 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 1982737 - OLM does not warn on invalid CSV 1983056 - IP conflict while recreating Pod with fixed name 1984785 - LSO CSV does not contain disconnected annotation 1989610 - Unsupported data types should not be rendered on operand details page 1990125 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 1990384 - 502 error on "Observe -> Alerting" UI after disabled local alertmanager 1992553 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1994117 - Some hardcodes are detected at the code level in orphaned code 1994820 - machine controller doesn't send vCPU quota failed messages to cluster install logs 1995953 - Ingresscontroller change the replicas to scaleup first time will be rolling update for all the ingress pods 1996544 - AWS region ap-northeast-3 is missing in installer prompt 1996638 - Helm operator manager container restart when CR is creating&deleting 1997120 - test_recreate_pod_in_namespace fails - Timed out waiting for namespace 1997142 - OperatorHub: Filtering the OperatorHub catalog is extremely slow 1997704 - [osp][octavia lb] given loadBalancerIP is ignored when creating a LoadBalancer type svc 1999325 - FailedMount MountVolume.SetUp failed for volume "kube-api-access" : object "openshift-kube-scheduler"/"kube-root-ca.crt" not registered 1999529 - Must gather fails to gather logs for all the namespace if server doesn't have volumesnapshotclasses resource 1999891 - must-gather collects backup data even when Pods fails to be created 2000653 - Add hypershift namespace to exclude namespaces list in descheduler configmap 2002009 - IPI Baremetal, qemu-convert takes to long to save image into drive on slow/large disks 2002602 - Storageclass creation page goes blank when "Enable encryption" is clicked if there is a syntax error in the configmap 2002868 - Node exporter not able to scrape OVS metrics 2005321 - Web Terminal is not opened on Stage of DevSandbox when terminal instance is not created yet 2005694 - Removing proxy object takes up to 10 minutes for the changes to propagate to the MCO 2006067 - Objects are not valid as a React child 2006201 - ovirt-csi-driver-node pods are crashing intermittently 2007246 - Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment 2007340 - Accessibility issues on topology - list view 2007611 - TLS issues with the internal registry and AWS S3 bucket 2007647 - oc adm release info --changes-from does not show changes in repos that squash-merge 2008486 - Double scroll bar shows up on dragging the task quick search to the bottom 2009345 - Overview page does not load from openshift console for some set of users after upgrading to 4.7.19 2009352 - Add image-registry usage metrics to telemeter 2009845 - Respect overrides changes during installation 2010361 - OpenShift Alerting Rules Style-Guide Compliance 2010364 - OpenShift Alerting Rules Style-Guide Compliance 2010393 - [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel] 2011525 - Rate-limit incoming BFD to prevent ovn-controller DoS 2011895 - Details about cloud errors are missing from PV/PVC errors 2012111 - LSO still try to find localvolumeset which is already deleted 2012969 - need to figure out why osupdatedstart to reboot is zero seconds 2013144 - Developer catalog category links could not be open in a new tab (sharing and open a deep link works fine) 2013461 - Import deployment from Git with s2i expose always port 8080 (Service and Pod template, not Route) if another Route port is selected by the user 2013734 - unable to label downloads route in openshift-console namespace 2013822 - ensure that the container-tools content comes from the RHAOS plashets 2014161 - PipelineRun logs are delayed and stuck on a high log volume 2014240 - Image registry uses ICSPs only when source exactly matches image 2014420 - Topology page is crashed 2014640 - Cannot change storage class of boot disk when cloning from template 2015023 - Operator objects are re-created even after deleting it 2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance 2015356 - Different status shows on VM list page and details page 2015375 - PVC creation for ODF/IBM Flashsystem shows incorrect types 2015459 - [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff 2015800 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2016425 - Adoption controller generating invalid metadata.Labels for an already adopted Subscription resource 2016534 - externalIP does not work when egressIP is also present 2017001 - Topology context menu for Serverless components always open downwards 2018188 - VRRP ID conflict between keepalived-ipfailover and cluster VIPs 2018517 - [sig-arch] events should not repeat pathologically expand_less failures - s390x CI 2019532 - Logger object in LSO does not log source location accurately 2019564 - User settings resources (ConfigMap, Role, RB) should be deleted when a user is deleted 2020483 - Parameter $auto_interval_period is in Period drop-down list 2020622 - e2e-aws-upi and e2e-azure-upi jobs are not working 2021041 - [vsphere] Not found TagCategory when destroying ipi cluster 2021446 - openshift-ingress-canary is not reporting DEGRADED state, even though the canary route is not available and accessible 2022253 - Web terminal view is broken 2022507 - Pods stuck in OutOfpods state after running cluster-density 2022611 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment 2022745 - Cluster reader is not able to list NodeNetwork objects 2023295 - Must-gather tool gathering data from custom namespaces. 2023691 - ClusterIP internalTrafficPolicy does not work for ovn-kubernetes 2024427 - oc completion zsh doesn't auto complete 2024708 - The form for creating operational CRs is badly rendering filed names ("obsoleteCPUs" -> "Obsolete CP Us" ) 2024821 - [Azure-File-CSI] need more clear info when requesting pvc with volumeMode Block 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2025624 - Ingress router metrics endpoint serving old certificates after certificate rotation 2026356 - [IPI on Azure] The bootstrap machine type should be same as master 2026461 - Completed pods in Openshift cluster not releasing IP addresses and results in err: range is full unless manually deleted 2027603 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page 2027613 - Users can't silence alerts from the dev console 2028493 - OVN-migration failed - ovnkube-node: error waiting for node readiness: timed out waiting for the condition 2028532 - noobaa-pg-db-0 pod stuck in Init:0/2 2028821 - Misspelled label in ODF management UI - MCG performance view 2029438 - Bootstrap node cannot resolve api-int because NetworkManager replaces resolv.conf 2029470 - Recover from suddenly appearing old operand revision WAS: kube-scheduler-operator test failure: Node's not achieving new revision 2029797 - Uncaught exception: ResizeObserver loop limit exceeded 2029835 - CSI migration for vSphere: Inline-volume tests failing 2030034 - prometheusrules.openshift.io: dial tcp: lookup prometheus-operator.openshift-monitoring.svc on 172.30.0.10:53: no such host 2030530 - VM created via customize wizard has single quotation marks surrounding its password 2030733 - wrong IP selected to connect to the nodes when ExternalCloudProvider enabled 2030776 - e2e-operator always uses quay master images during presubmit tests 2032559 - CNO allows migration to dual-stack in unsupported configurations 2032717 - Unable to download ignition after coreos-installer install --copy-network 2032924 - PVs are not being cleaned up after PVC deletion 2033482 - [vsphere] two variables in tf are undeclared and get warning message during installation 2033575 - monitoring targets are down after the cluster run for more than 1 day 2033711 - IBM VPC operator needs e2e csi tests for ibmcloud 2033862 - MachineSet is not scaling up due to an OpenStack error trying to create multiple ports with the same MAC address 2034147 - OpenShift VMware IPI Installation fails with Resource customization when corespersocket is unset and vCPU count is not a multiple of 4 2034296 - Kubelet and Crio fails to start during upgrde to 4.7.37 2034411 - [Egress Router] No NAT rules for ipv6 source and destination created in ip6tables-save 2034688 - Allow Prometheus/Thanos to return 401 or 403 when the request isn't authenticated 2034958 - [sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready 2035005 - MCD is not always removing in progress taint after a successful update 2035334 - [RFE] [OCPonRHV] Provision machines with preallocated disks 2035899 - Operator-sdk run bundle doesn't support arm64 env 2036202 - Bump podman to >= 3.3.0 so that setup of multiple credentials for a single registry which can be distinguished by their path will work 2036594 - [MAPO] Machine goes to failed state due to a momentary error of the cluster etcd 2036948 - SR-IOV Network Device Plugin should handle offloaded VF instead of supporting only PF 2037190 - dns operator status flaps between True/False/False and True/True/(False|True) after updating dnses.operator.openshift.io/default 2037447 - Ingress Operator is not closing TCP connections. 2037513 - I/O metrics from the Kubernetes/Compute Resources/Cluster Dashboard show as no datapoints found 2037542 - Pipeline Builder footer is not sticky and yaml tab doesn't use full height 2037610 - typo for the Terminated message from thanos-querier pod description info 2037620 - Upgrade playbook should quit directly when trying to upgrade RHEL-7 workers to 4.10 2037625 - AppliedClusterResourceQuotas can not be shown on project overview 2037626 - unable to fetch ignition file when scaleup rhel worker nodes on cluster enabled Tang disk encryption 2037628 - Add test id to kms flows for automation 2037721 - PodDisruptionBudgetAtLimit alert fired in SNO cluster 2037762 - Wrong ServiceMonitor definition is causing failure during Prometheus configuration reload and preventing changes from being applied 2037841 - [RFE] use /dev/ptp_hyperv on Azure/AzureStack 2038115 - Namespace and application bar is not sticky anymore 2038244 - Import from git ignore the given servername and could not validate On-Premises GitHub and BitBucket installations 2038405 - openshift-e2e-aws-workers-rhel-workflow in CI step registry broken 2038774 - IBM-Cloud OVN IPsec fails, IKE UDP ports and ESP protocol not in security group 2039135 - the error message is not clear when using "opm index prune" to prune a file-based index image 2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected 2039253 - ovnkube-node crashes on duplicate endpoints 2039256 - Domain validation fails when TLD contains a digit. 2039277 - Topology list view items are not highlighted on keyboard navigation 2039462 - Application tab in User Preferences dropdown menus are too wide. 2039477 - validation icon is missing from Import from git 2039589 - The toolbox command always ignores [command] the first time 2039647 - Some developer perspective links are not deep-linked causes developer to sometimes delete/modify resources in the wrong project 2040180 - Bug when adding a new table panel to a dashboard for OCP UI with only one value column 2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names 2040277 - ThanosRuleNoEvaluationFor10Intervals alert description is wrong 2040488 - OpenShift-Ansible BYOH Unit Tests are Broken 2040635 - CPU Utilisation is negative number for "Kubernetes / Compute Resources / Cluster" dashboard 2040654 - 'oc adm must-gather -- some_script' should exit with same non-zero code as the failed 'some_script' exits 2040779 - Nodeport svc not accessible when the backend pod is on a window node 2040933 - OCP 4.10 nightly build will fail to install if multiple NICs are defined on KVM nodes 2041133 - 'oc explain route.status.ingress.conditions' shows type 'Currently only Ready' but actually is 'Admitted' 2041454 - Garbage values accepted for --reference-policy in oc import-image without any error 2041616 - Ingress operator tries to manage DNS of additional ingresscontrollers that are not under clusters basedomain, which can't work 2041769 - Pipeline Metrics page not showing data for normal user 2041774 - Failing git detection should not recommend Devfiles as import strategy 2041814 - The KubeletConfigController wrongly process multiple confs for a pool 2041940 - Namespace pre-population not happening till a Pod is created 2042027 - Incorrect feedback for "oc label pods --all" 2042348 - Volume ID is missing in output message when expanding volume which is not mounted. 2042446 - CSIWithOldVSphereHWVersion alert recurring despite upgrade to vmx-15 2042501 - use lease for leader election 2042587 - ocm-operator: Improve reconciliation of CA ConfigMaps 2042652 - Unable to deploy hw-event-proxy operator 2042838 - The status of container is not consistent on Container details and pod details page 2042852 - Topology toolbars are unaligned to other toolbars 2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP 2043035 - Wrong error code provided when request contains invalid argument 2043068 - available of text disappears in Utilization item if x is 0 2043080 - openshift-installer intermittent failure on AWS with Error: InvalidVpcID.NotFound: The vpc ID 'vpc-123456789' does not exist 2043094 - ovnkube-node not deleting stale conntrack entries when endpoints go away 2043118 - Host should transition through Preparing when HostFirmwareSettings changed 2043132 - Add a metric when vsphere csi storageclass creation fails 2043314 - oc debug node does not meet compliance requirement 2043336 - Creating multi SriovNetworkNodePolicy cause the worker always be draining 2043428 - Address Alibaba CSI driver operator review comments 2043533 - Update ironic, inspector, and ironic-python-agent to latest bugfix release 2043672 - [MAPO] root volumes not working 2044140 - When 'oc adm upgrade --to-image ...' rejects an update as not recommended, it should mention --allow-explicit-upgrade 2044207 - [KMS] The data in the text box does not get cleared on switching the authentication method 2044227 - Test Managed cluster should only include cluster daemonsets that have maxUnavailable update of 10 or 33 percent fails 2044412 - Topology list misses separator lines and hover effect let the list jump 1px 2044421 - Topology list does not allow selecting an application group anymore 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2044803 - Unify button text style on VM tabs 2044824 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2045065 - Scheduled pod has nodeName changed 2045073 - Bump golang and build images for local-storage-operator 2045087 - Failed to apply sriov policy on intel nics 2045551 - Remove enabled FeatureGates from TechPreviewNoUpgrade 2045559 - API_VIP moved when kube-api container on another master node was stopped 2045577 - [ocp 4.9 | ovn-kubernetes] ovsdb_idl|WARN|transaction error: {"details":"cannot delete Datapath_Binding row 29e48972-xxxx because of 2 remaining reference(s)","error":"referential integrity violation 2045872 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2046133 - [MAPO]IPI proxy installation failed 2046156 - Network policy: preview of affected pods for non-admin shows empty popup 2046157 - Still uses pod-security.admission.config.k8s.io/v1alpha1 in admission plugin config 2046191 - Opeartor pod is missing correct qosClass and priorityClass 2046277 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.vpc.aws_subnet.private_subnet[0] resource 2046319 - oc debug cronjob command failed with error "unable to extract pod template from type v1.CronJob". 2046435 - Better Devfile Import Strategy support in the 'Import from Git' flow 2046496 - Awkward wrapping of project toolbar on mobile 2046497 - Re-enable TestMetricsEndpoint test case in console operator e2e tests 2046498 - "All Projects" and "all applications" use different casing on topology page 2046591 - Auto-update boot source is not available while create new template from it 2046594 - "Requested template could not be found" while creating VM from user-created template 2046598 - Auto-update boot source size unit is byte on customize wizard 2046601 - Cannot create VM from template 2046618 - Start last run action should contain current user name in the started-by annotation of the PLR 2046662 - Should upgrade the go version to be 1.17 for example go operator memcached-operator 2047197 - Sould upgrade the operator_sdk.util version to "0.4.0" for the "osdk_metric" module 2047257 - [CP MIGRATION] Node drain failure during control plane node migration 2047277 - Storage status is missing from status card of virtualization overview 2047308 - Remove metrics and events for master port offsets 2047310 - Running VMs per template card needs empty state when no VMs exist 2047320 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2047335 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047362 - Removing prometheus UI access breaks origin test 2047445 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message. 2047702 - Issue described on bug #2013528 reproduced: mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2047710 - [OVN] ovn-dbchecker CrashLoopBackOff and sbdb jsonrpc unix socket receive error 2047732 - [IBM]Volume is not deleted after destroy cluster 2047741 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.masters.aws_network_interface.master[1] resource 2047790 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047799 - release-openshift-ocp-installer-e2e-aws-upi-4.9 2047870 - Prevent redundant queries of BIOS settings in HostFirmwareController 2047895 - Fix architecture naming in oc adm release mirror for aarch64 2047911 - e2e: Mock CSI tests fail on IBM ROKS clusters 2047913 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2047925 - [FJ OCP4.10 Bug]: IRONIC_KERNEL_PARAMS does not contain coreos_kernel_params during iPXE boot 2047935 - [4.11] Bootimage bump tracker 2047998 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin- 2048059 - Service Level Agreement (SLA) always show 'Unknown' 2048067 - [IPI on Alibabacloud] "Platform Provisioning Check" tells '"ap-southeast-6": enhanced NAT gateway is not supported', which seems false 2048186 - Image registry operator panics when finalizes config deletion 2048214 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2048219 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2048221 - Capitalization of titles in the VM details page is inconsistent. 2048222 - [AWS GovCloud] Cluster can not be installed on AWS GovCloud regions via terminal interactive UI. 2048276 - Cypress E2E tests fail due to a typo in test-cypress.sh 2048333 - prometheus-adapter becomes inaccessible during rollout 2048352 - [OVN] node does not recover after NetworkManager restart, NotReady and unreachable 2048442 - [KMS] UI does not have option to specify kube auth path and namespace for cluster wide encryption 2048451 - Custom serviceEndpoints in install-config are reported to be unreachable when environment uses a proxy 2048538 - Network policies are not implemented or updated by OVN-Kubernetes 2048541 - incorrect rbac check for install operator quick starts 2048563 - Leader election conventions for cluster topology 2048575 - IP reconciler cron job failing on single node 2048686 - Check MAC address provided on the install-config.yaml file 2048687 - All bare metal jobs are failing now due to End of Life of centos 8 2048793 - Many Conformance tests are failing in OCP 4.10 with Kuryr 2048803 - CRI-O seccomp profile out of date 2048824 - [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2048841 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added 2048955 - Alibaba Disk CSI Driver does not have CI 2049073 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2049078 - Bond CNI: Failed to attach Bond NAD to pod 2049108 - openshift-installer intermittent failure on AWS with 'Error: Error waiting for NAT Gateway (nat-xxxxx) to become available' 2049117 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2049133 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2049142 - Missing "app" label 2049169 - oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured 2049234 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2049410 - external-dns-operator creates provider section, even when not requested 2049483 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2049613 - MTU migration on SDN IPv4 causes API alerts 2049671 - system:serviceaccount:openshift-cluster-csi-drivers:aws-ebs-csi-driver-operator trying to GET and DELETE /api/v1/namespaces/openshift-cluster-csi-drivers/configmaps/kube-cloud-config which does not exist 2049687 - superfluous apirequestcount entries in audit log 2049775 - cloud-provider-config change not applied when ExternalCloudProvider enabled 2049787 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2049832 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2049872 - cluster storage operator AWS credentialsrequest lacks KMS privileges 2049889 - oc new-app --search nodejs warns about access to sample content on quay.io 2050005 - Plugin module IDs can clash with console module IDs causing runtime errors 2050011 - Observe > Metrics page: Timespan text input and dropdown do not align 2050120 - Missing metrics in kube-state-metrics 2050146 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050173 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050180 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050300 - panic in cluster-storage-operator while updating status 2050332 - Malformed ClusterClaim lifetimes cause the clusterclaims-controller to silently fail to reconcile all clusterclaims 2050335 - azure-disk failed to mount with error special device does not exist 2050345 - alert data for burn budget needs to be updated to prevent regression 2050407 - revert "force cert rotation every couple days for development" in 4.11 2050409 - ip-reconcile job is failing consistently 2050452 - Update osType and hardware version used by RHCOS OVA to indicate it is a RHEL 8 guest 2050466 - machine config update with invalid container runtime config should be more robust 2050637 - Blog Link not re-directing to the intented website in the last modal in the Dev Console Onboarding Tour 2050698 - After upgrading the cluster the console still show 0 of N, 0% progress for worker nodes 2050707 - up test for prometheus pod look to far in the past 2050767 - Vsphere upi tries to access vsphere during manifests generation phase 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2050882 - Crio appears to be coredumping in some scenarios 2050902 - not all resources created during import have common labels 2050946 - Cluster-version operator fails to notice TechPreviewNoUpgrade featureSet change after initialization-lookup error 2051320 - Need to build ose-aws-efs-csi-driver-operator-bundle-container image for 4.11 2051333 - [aws] records in public hosted zone and BYO private hosted zone were not deleted. 2051377 - Unable to switch vfio-pci to netdevice in policy 2051378 - Template wizard is crashed when there are no templates existing 2051423 - migrate loadbalancers from amphora to ovn not working 2051457 - [RFE] PDB for cloud-controller-manager to avoid going too many replicas down 2051470 - prometheus: Add validations for relabel configs 2051558 - RoleBinding in project without subject is causing "Project access" page to fail 2051578 - Sort is broken for the Status and Version columns on the Cluster Settings > ClusterOperators page 2051583 - sriov must-gather image doesn't work 2051593 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2051611 - Remove Check which enforces summary_interval must match logSyncInterval 2051642 - Remove "Tech-Preview" Label for the Web Terminal GA release 2051657 - Remove 'Tech preview' from minnimal deployment Storage System creation 2051718 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s 2051722 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2051881 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid 2051954 - Allow changing of policyAuditConfig ratelimit post-deployment 2051969 - Need to build local-storage-operator-metadata-container image for 4.11 2051985 - An APIRequestCount without dots in the name can cause a panic 2052016 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052034 - Can't start correct debug pod using pod definition yaml in OCP 4.8 2052055 - Whereabouts should implement client-go 1.22+ 2052056 - Static pod installer should throttle creating new revisions 2052071 - local storage operator metrics target down after upgrade 2052095 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052270 - FSyncControllerDegraded has "treshold" -> "threshold" typos 2052309 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052332 - Probe failures and pod restarts during 4.7 to 4.8 upgrade 2052393 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052398 - 4.9 to 4.10 upgrade fails for ovnkube-masters 2052415 - Pod density test causing problems when using kube-burner 2052513 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052578 - Create new app from a private git repository using 'oc new app' with basic auth does not work. 2052595 - Remove dev preview badge from IBM FlashSystem deployment windows 2052618 - Node reboot causes duplicate persistent volumes 2052671 - Add Sprint 214 translations 2052674 - Remove extra spaces 2052700 - kube-controller-manger should use configmap lease 2052701 - kube-scheduler should use configmap lease 2052814 - go fmt fails in OSM after migration to go 1.17 2052840 - IMAGE_BUILDER=docker make test-e2e-operator-ocp runs with podman instead of docker 2052953 - Observe dashboard always opens for last viewed workload instead of the selected one 2052956 - Installing virtualization operator duplicates the first action on workloads in topology 2052975 - High cpu load on Juniper Qfx5120 Network switches after upgrade to Openshift 4.8.26 2052986 - Console crashes when Mid cycle hook in Recreate strategy(edit deployment/deploymentConfig) selects Lifecycle strategy as "Tags the current image as an image stream tag if the deployment succeeds" 2053006 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2053104 - [vSphere CSI driver Operator] hw_version_total metric update wrong value after upgrade nodes hardware version from vmx-13 to vmx-15 2053112 - nncp status is unknown when nnce is Progressing 2053118 - nncp Available condition reason should be exposed in oc get 2053168 - Ensure the core dynamic plugin SDK package has correct types and code 2053205 - ci-openshift-cluster-network-operator-master-e2e-agnostic-upgrade is failing most of the time 2053304 - Debug terminal no longer works in admin console 2053312 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053334 - rhel worker scaleup playbook failed because missing some dependency of podman 2053343 - Cluster Autoscaler not scaling down nodes which seem to qualify for scale-down 2053491 - nmstate interprets interface names as float64 and subsequently crashes on state update 2053501 - Git import detection does not happen for private repositories 2053582 - inability to detect static lifecycle failure 2053596 - [IBM Cloud] Storage IOPS limitations and lack of IPI ETCD deployment options trigger leader election during cluster initialization 2053609 - LoadBalancer SCTP service leaves stale conntrack entry that causes issues if service is recreated 2053622 - PDB warning alert when CR replica count is set to zero 2053685 - Topology performance: Immutable .toJSON consumes a lot of CPU time when rendering a large topology graph (~100 nodes) 2053721 - When using RootDeviceHint rotational setting the host can fail to provision 2053922 - [OCP 4.8][OVN] pod interface: error while waiting on OVS.Interface.external-ids 2054095 - [release-4.11] Gather images.conifg.openshift.io cluster resource definiition 2054197 - The ProjectHelmChartRepositrory schema has merged but has not been initialized in the cluster yet 2054200 - Custom created services in openshift-ingress removed even though the services are not of type LoadBalancer 2054238 - console-master-e2e-gcp-console is broken 2054254 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2054285 - Services other than knative service also shows as KSVC in add subscription/trigger modal 2054319 - must-gather | gather_metallb_logs can't detect metallb pod 2054351 - Rrestart of ptp4l/phc2sys on change of PTPConfig generates more than one times, socket error in event frame work 2054385 - redhat-operatori ndex image build failed with AMQ brew build - amq-interconnect-operator-metadata-container-1.10.13 2054564 - DPU network operator 4.10 branch need to sync with master 2054630 - cancel create silence from kebab menu of alerts page will navigated to the previous page 2054693 - Error deploying HorizontalPodAutoscaler with oc new-app command in OpenShift 4 2054701 - [MAPO] Events are not created for MAPO machines 2054705 - [tracker] nf_reinject calls nf_queue_entry_free on an already freed entry->state 2054735 - Bad link in CNV console 2054770 - IPI baremetal deployment metal3 pod crashes when using capital letters in hosts bootMACAddress 2054787 - SRO controller goes to CrashLoopBackOff status when the pull-secret does not have the correct permissions 2054950 - A large number is showing on disk size field 2055305 - Thanos Querier high CPU and memory usage till OOM 2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition 2055433 - Unable to create br-ex as gateway is not found 2055470 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2055492 - The default YAML on vm wizard is not latest 2055601 - installer did not destroy .app dns recored in a IPI on ASH install 2055702 - Enable Serverless tests in CI 2055723 - CCM operator doesn't deploy resources after enabling TechPreviewNoUpgrade feature set. 2055729 - NodePerfCheck fires and stays active on momentary high latency 2055814 - Custom dynamic exntension point causes runtime and compile time error 2055861 - cronjob collect-profiles failed leads node reach to OutOfpods status 2055980 - [dynamic SDK][internal] console plugin SDK does not support table actions 2056454 - Implement preallocated disks for oVirt in the cluster API provider 2056460 - Implement preallocated disks for oVirt in the OCP installer 2056496 - If image does not exists for builder image then upload jar form crashes 2056519 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies 2056607 - Running kubernetes-nmstate handler e2e tests stuck on OVN clusters 2056752 - Better to named the oc-mirror version info with more information like the oc version --client 2056802 - "enforcedLabelLimit|enforcedLabelNameLengthLimit|enforcedLabelValueLengthLimit" do not take effect 2056841 - [UI] [DR] Web console update is available pop-up is seen multiple times on Hub cluster where ODF operator is not installed and unnecessarily it pop-up on the Managed cluster as well where ODF operator is installed 2056893 - incorrect warning for --to-image in oc adm upgrade help 2056967 - MetalLB: speaker metrics is not updated when deleting a service 2057025 - Resource requests for the init-config-reloader container of prometheus-k8s- pods are too high 2057054 - SDK: k8s methods resolves into Response instead of the Resource 2057079 - [cluster-csi-snapshot-controller-operator] CI failure: events should not repeat pathologically 2057101 - oc commands working with images print an incorrect and inappropriate warning 2057160 - configure-ovs selects wrong interface on reboot 2057183 - OperatorHub: Missing "valid subscriptions" filter 2057251 - response code for Pod count graph changed from 422 to 200 periodically for about 30 minutes if pod is rescheduled 2057358 - [Secondary Scheduler] - cannot build bundle index image using the secondary scheduler operator bundle 2057387 - [Secondary Scheduler] - olm.skiprange, com.redhat.openshift.versions is incorrect and no minkubeversion 2057403 - CMO logs show forbidden: User "system:serviceaccount:openshift-monitoring:cluster-monitoring-operator" cannot get resource "replicasets" in API group "apps" in the namespace "openshift-monitoring" 2057495 - Alibaba Disk CSI driver does not provision small PVCs 2057558 - Marketplace operator polls too frequently for cluster operator status changes 2057633 - oc rsync reports misleading error when container is not found 2057642 - ClusterOperator status.conditions[].reason "etcd disk metrics exceeded..." should be a CamelCase slug 2057644 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members 2057696 - Removing console still blocks OCP install from completing 2057762 - ingress operator should report Upgradeable False to remind user before upgrade to 4.10 when Non-SAN certs are used 2057832 - expr for record rule: "cluster:telemetry_selected_series:count" is improper 2057967 - KubeJobCompletion does not account for possible job states 2057990 - Add extra debug information to image signature workflow test 2057994 - SRIOV-CNI failed to load netconf: LoadConf(): failed to get VF information 2058030 - On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain 2058217 - [vsphere-problem-detector-operator] 'vsphere_rwx_volumes_total' metric name make confused 2058225 - openshift_csi_share_ metrics are not found from telemeter server 2058282 - Websockets stop updating during cluster upgrades 2058291 - CI builds should have correct version of Kube without needing to push tags everytime 2058368 - Openshift OVN-K got restarted mutilple times with the error " ovsdb-server/memory-trim-on-compaction on'' failed: exit status 1 and " ovndbchecker.go:118] unable to turn on memory trimming for SB DB, stderr " , cluster unavailable 2058370 - e2e-aws-driver-toolkit CI job is failing 2058421 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2058424 - ConsolePlugin proxy always passes Authorization header even if authorize property is omitted or false 2058623 - Bootstrap server dropdown menu in Create Event Source- KafkaSource form is empty even if it's created 2058626 - Multiple Azure upstream kube fsgroupchangepolicy tests are permafailing expecting gid "1000" but geting "root" 2058671 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2058692 - [Secondary Scheduler] Creating secondaryscheduler instance fails with error "key failed with : secondaryschedulers.operator.openshift.io "secondary-scheduler" not found" 2059187 - [Secondary Scheduler] - key failed with : serviceaccounts "secondary-scheduler" is forbidden 2059212 - [tracker] Backport https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa 2059213 - ART cannot build installer images due to missing terraform binaries for some architectures 2059338 - A fully upgraded 4.10 cluster defaults to HW-13 hardware version even if HW-15 is default (and supported) 2059490 - The operator image in CSV file of the ART DPU network operator bundle is incorrect 2059567 - vMedia based IPI installation of OpenShift fails on Nokia servers due to issues with virtual media attachment and boot source override 2059586 - (release-4.11) Insights operator doesn't reconcile clusteroperator status condition messages 2059654 - Dynamic demo plugin proxy example out of date 2059674 - Demo plugin fails to build 2059716 - cloud-controller-manager flaps operator version during 4.9 -> 4.10 update 2059791 - [vSphere CSI driver Operator] didn't update 'vsphere_csi_driver_error' metric value when fixed the error manually 2059840 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager 2059943 - MetalLB: Move CI config files to metallb repo from dev-scripts repo 2060037 - Configure logging level of FRR containers 2060083 - CMO doesn't react to changes in clusteroperator console 2060091 - CMO produces invalid alertmanager statefulset if console cluster .status.consoleURL is unset 2060133 - [OVN RHEL upgrade] could not find IP addresses: failed to lookup link br-ex: Link not found 2060147 - RHEL8 Workers Need to Ensure libseccomp is up to date at install time 2060159 - LGW: External->Service of type ETP=Cluster doesn't go to the node 2060329 - Detect unsupported amount of workloads before rendering a lazy or crashing topology 2060334 - Azure VNET lookup fails when the NIC subnet is in a different resource group 2060361 - Unable to enumerate NICs due to missing the 'primary' field due to security restrictions 2060406 - Test 'operators should not create watch channels very often' fails 2060492 - Update PtpConfigSlave source-crs to use network_transport L2 instead of UDPv4 2060509 - Incorrect installation of ibmcloud vpc csi driver in IBM Cloud ROKS 4.10 2060532 - LSO e2e tests are run against default image and namespace 2060534 - openshift-apiserver pod in crashloop due to unable to reach kubernetes svc ip 2060549 - ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache! 2060553 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc 2060583 - Remove Console internal-kubevirt plugin SDK package 2060605 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060617 - IBMCloud destroy DNS regex not strict enough 2060687 - Azure Ci: SubscriptionDoesNotSupportZone - does not support availability zones at location 'westus' 2060697 - [AWS] partitionNumber cannot work for specifying Partition number 2060714 - [DOCS] Change source_labels to sourceLabels in "Configuring remote write storage" section 2060837 - [oc-mirror] Catalog merging error when two or more bundles does not have a set Replace field 2060894 - Preceding/Trailing Whitespaces In Form Elements on the add page 2060924 - Console white-screens while using debug terminal 2060968 - Installation failing due to ironic-agent.service not starting properly 2060970 - Bump recommended FCOS to 35.20220213.3.0 2061002 - Conntrack entry is not removed for LoadBalancer IP 2061301 - Traffic Splitting Dialog is Confusing With Only One Revision 2061303 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum 2061304 - workload info gatherer - don't serialize empty images map 2061333 - White screen for Pipeline builder page 2061447 - [GSS] local pv's are in terminating state 2061496 - etcd RecentBackup=Unknown ControllerStarted contains no message string 2061527 - [IBMCloud] infrastructure asset missing CloudProviderType 2061544 - AzureStack is hard-coded to use Standard_LRS for the disk type 2061549 - AzureStack install with internal publishing does not create api DNS record 2061611 - [upstream] The marker of KubeBuilder doesn't work if it is close to the code 2061732 - Cinder CSI crashes when API is not available 2061755 - Missing breadcrumb on the resource creation page 2061833 - A single worker can be assigned to multiple baremetal hosts 2061891 - [IPI on IBMCLOUD] missing ?br-sao? region in openshift installer 2061916 - mixed ingress and egress policies can result in half-isolated pods 2061918 - Topology Sidepanel style is broken 2061919 - Egress Ip entry stays on node's primary NIC post deletion from hostsubnet 2062007 - MCC bootstrap command lacks template flag 2062126 - IPfailover pod is crashing during creation showing keepalived_script doesn't exist 2062151 - Add RBAC for 'infrastructures' to operator bundle 2062355 - kubernetes-nmstate resources and logs not included in must-gathers 2062459 - Ingress pods scheduled on the same node 2062524 - [Kamelet Sink] Topology crashes on click of Event sink node if the resource is created source to Uri over ref 2062558 - Egress IP with openshift sdn in not functional on worker node. 2062568 - CVO does not trigger new upgrade again after fail to update to unavailable payload 2062645 - configure-ovs: don't restart networking if not necessary 2062713 - Special Resource Operator(SRO) - No sro_used_nodes metric 2062849 - hw event proxy is not binding on ipv6 local address 2062920 - Project selector is too tall with only a few projects 2062998 - AWS GovCloud regions are recognized as the unknown regions 2063047 - Configuring a full-path query log file in CMO breaks Prometheus with the latest version of the operator 2063115 - ose-aws-efs-csi-driver has invalid dependency in go.mod 2063164 - metal-ipi-ovn-ipv6 Job Permafailing and Blocking OpenShift 4.11 Payloads: insights operator is not available 2063183 - DefragDialTimeout is set to low for large scale OpenShift Container Platform - Cluster 2063194 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster 2063321 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments 2063375 - ptp operator upgrade from 4.9 to 4.10 stuck at pending due to service account requirements not met 2063414 - on OKD 4.10, when image-registry is enabled, the /etc/hosts entry is missing on some nodes 2063699 - Builds - Builds - Logs: i18n misses. 2063708 - Builds - Builds - Logs: translation correction needed. 2063720 - Metallb EBGP neighbor stuck in active until adding ebgp-multihop (directly connected neighbors) 2063732 - Workloads - StatefulSets : I18n misses 2063747 - When building a bundle, the push command fails because is passes a redundant "IMG=" on the the CLI 2063753 - User Preferences - Language - Language selection : Page refresh rquired to change the UI into selected Language. 2063756 - User Preferences - Applications - Insecure traffic : i18n misses 2063795 - Remove go-ovirt-client go.mod replace directive 2063829 - During an IPI install with the 4.10.4 installer on vSphere, getting "Check": platform.vsphere.network: Invalid value: "VLAN_3912": unable to find network provided" 2063831 - etcd quorum pods landing on same node 2063897 - Community tasks not shown in pipeline builder page 2063905 - PrometheusOperatorWatchErrors alert may fire shortly in case of transient errors from the API server 2063938 - sing the hard coded rest-mapper in library-go 2063955 - cannot download operator catalogs due to missing images 2063957 - User Management - Users : While Impersonating user, UI is not switching into user's set language 2064024 - SNO OCP upgrade with DU workload stuck at waiting for kube-apiserver static pod 2064170 - [Azure] Missing punctuation in the installconfig.controlPlane.platform.azure.osDisk explain 2064239 - Virtualization Overview page turns into blank page 2064256 - The Knative traffic distribution doesn't update percentage in sidebar 2064553 - UI should prefer to use the virtio-win configmap than v2v-vmware configmap for windows creation 2064596 - Fix the hubUrl docs link in pipeline quicksearch modal 2064607 - Pipeline builder makes too many (100+) API calls upfront 2064613 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator 2064693 - [IPI][OSP] Openshift-install fails to find the shiftstack cloud defined in clouds.yaml in the current directory 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2064705 - the alertmanagerconfig validation catches the wrong value for invalid field 2064744 - Errors trying to use the Debug Container feature 2064984 - Update error message for label limits 2065076 - Access monitoring Routes based on monitoring-shared-config creates wrong URL 2065160 - Possible leak of load balancer targets on AWS Machine API Provider 2065224 - Configuration for cloudFront in image-registry operator configuration is ignored & duration is corrupted 2065290 - CVE-2021-23648 sanitize-url: XSS 2065338 - VolumeSnapshot creation date sorting is broken 2065507 - oc adm upgrade should return ReleaseAccepted condition to show upgrade status. 2065510 - [AWS] failed to create cluster on ap-southeast-3 2065513 - Dev Perspective -> Project Dashboard shows Resource Quotas which are a bit misleading, and too many decimal places 2065547 - (release-4.11) Gather kube-controller-manager pod logs with garbage collector errors 2065552 - [AWS] Failed to install cluster on AWS ap-southeast-3 region due to image-registry panic error 2065577 - user with user-workload-monitoring-config-edit role can not create user-workload-monitoring-config configmap 2065597 - Cinder CSI is not configurable 2065682 - Remote write relabel config adds label __tmp_openshift_cluster_id to all metrics 2065689 - Internal Image registry with GCS backend does not redirect client 2065749 - Kubelet slowly leaking memory and pods eventually unable to start 2065785 - ip-reconciler job does not complete, halts node drain 2065804 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204 2065806 - stop considering Mint mode as supported on Azure 2065840 - the cronjob object is created with a wrong api version batch/v1beta1 when created via the openshift console 2065893 - [4.11] Bootimage bump tracker 2066009 - CVE-2021-44906 minimist: prototype pollution 2066232 - e2e-aws-workers-rhel8 is failing on ansible check 2066418 - [4.11] Update channels information link is taking to a 404 error page 2066444 - The "ingress" clusteroperator's relatedObjects field has kind names instead of resource names 2066457 - Prometheus CI failure: 503 Service Unavailable 2066463 - [IBMCloud] failed to list DNS zones: Exactly one of ApiKey or RefreshToken must be specified 2066605 - coredns template block matches cluster API to loose 2066615 - Downstream OSDK still use upstream image for Hybird type operator 2066619 - The GitCommit of the oc-mirror version is not correct 2066665 - [ibm-vpc-block] Unable to change default storage class 2066700 - [node-tuning-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles 2066754 - Cypress reports for core tests are not captured 2066782 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user 2066865 - Flaky test: In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (delayed binding)] topology should provision a volume and schedule a pod with AllowedTopologies 2066886 - openshift-apiserver pods never going NotReady 2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp 2066923 - No rule to make target 'docker-push' when building the SRO bundle 2066945 - SRO appends "arm64" instead of "aarch64" to the kernel name and it doesn't match the DTK 2067004 - CMO contains grafana image though grafana is removed 2067005 - Prometheus rule contains grafana though grafana is removed 2067062 - should update prometheus-operator resources version 2067064 - RoleBinding in Developer Console is dropping all subjects when editing 2067155 - Incorrect operator display name shown in pipelines quickstart in devconsole 2067180 - Missing i18n translations 2067298 - Console 4.10 operand form refresh 2067312 - PPT event source is lost when received by the consumer 2067384 - OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 2067456 - OCP 4.11 should be firing APIRemovedInNextEUSReleaseInUse and APIRemovedInNextReleaseInUse for APIs removed in 1.25 2067995 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2068115 - resource tab extension fails to show up 2068148 - [4.11] /etc/redhat-release symlink is broken 2068180 - OCP UPI on AWS with STS enabled is breaking the Ingress operator 2068181 - Event source powered with kamelet type source doesn't show associated deployment in resources tab 2068490 - OLM descriptors integration test failing 2068538 - Crashloop back-off popover visual spacing defects 2068601 - Potential etcd inconsistent revision and data occurs 2068613 - ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs 2068908 - Manual blog link change needed 2069068 - reconciling Prometheus Operator Deployment failed while upgrading from 4.7.46 to 4.8.35 2069075 - [Alibaba 4.11.0-0.nightly] cluster storage component in Progressing state 2069181 - Disabling community tasks is not working 2069198 - Flaky CI test in e2e/pipeline-ci 2069307 - oc mirror hangs when processing the Red Hat 4.10 catalog 2069312 - extend rest mappings with 'job' definition 2069457 - Ingress operator has superfluous finalizer deletion logic for LoadBalancer-type services 2069577 - ConsolePlugin example proxy authorize is wrong 2069612 - Special Resource Operator (SRO) - Crash when nodeSelector does not match any nodes 2069632 - Not able to download previous container logs from console 2069643 - ConfigMaps leftovers while uninstalling SpecialResource with configmap 2069654 - Creating VMs with YAML on Openshift Virtualization UI is missing labels flavor, os and workload 2069685 - UI crashes on load if a pinned resource model does not exist 2069705 - prometheus target "serviceMonitor/openshift-metallb-system/monitor-metallb-controller/0" has a failure with "server returned HTTP status 502 Bad Gateway" 2069740 - On-prem loadbalancer ports conflict with kube node port range 2069760 - In developer perspective divider does not show up in navigation 2069904 - Sync upstream 1.18.1 downstream 2069914 - Application Launcher groupings are not case-sensitive 2069997 - [4.11] should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2070000 - Add warning alerts for installing standalone k8s-nmstate 2070020 - InContext doesn't work for Event Sources 2070047 - Kuryr: Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured 2070160 - Copy-to-clipboard and

     elements cause display issues for ACM dynamic plugins
    2070172 - SRO uses the chart's name as Helm release, not the SpecialResource's
    2070181 - [MAPO] serverGroupName ignored
    2070457 - Image vulnerability Popover overflows from the visible area
    2070674 - [GCP] Routes get timed out and nonresponsive after creating 2K service routes
    2070703 - some ipv6 network policy tests consistently failing
    2070720 - [UI] Filter reset doesn't work on Pods/Secrets/etc pages and complete list disappears
    2070731 - details switch label is not clickable on add page
    2070791 - [GCP]Image registry are crash on cluster with GCP workload identity enabled
    2070792 - service "openshift-marketplace/marketplace-operator-metrics" is not annotated with capability
    2070805 - ClusterVersion: could not download the update
    2070854 - cv.status.capabilities.enabledCapabilities doesn?t show the day-2 enabled caps when there are errors on resources update
    2070887 - Cv condition ImplicitlyEnabledCapabilities doesn?t complain about the disabled capabilities which is previously enabled
    2070888 - Cannot bind driver vfio-pci when apply sriovnodenetworkpolicy with type vfio-pci
    2070929 - OVN-Kubernetes: EgressIP breaks access from a pod with EgressIP to other host networked pods on different nodes
    2071019 - rebase vsphere csi driver 2.5
    2071021 - vsphere driver has snapshot support missing
    2071033 - conditionally relabel volumes given annotation not working - SELinux context match is wrong
    2071139 - Ingress pods scheduled on the same node
    2071364 - All image building tests are broken with "            error: build error: attempting to convert BUILD_LOGLEVEL env var value "" to integer: strconv.Atoi: parsing "": invalid syntax
    2071578 - Monitoring navigation should not be shown if monitoring is not available (CRC)
    2071599 - RoleBidings are not getting updated for ClusterRole in OpenShift Web Console
    2071614 - Updating EgressNetworkPolicy rejecting with error UnsupportedMediaType
    2071617 - remove Kubevirt extensions in favour of dynamic plugin
    2071650 - ovn-k ovn_db_cluster metrics are not exposed for SNO
    2071691 - OCP Console global PatternFly overrides adds padding to breadcrumbs
    2071700 - v1 events show "Generated from" message without the source/reporting component
    2071715 - Shows 404 on Environment nav in Developer console
    2071719 - OCP Console global PatternFly overrides link button whitespace
    2071747 - Link to documentation from the overview page goes to a missing link
    2071761 - Translation Keys Are Not Namespaced
    2071799 - Multus CNI should exit cleanly on CNI DEL when the API server is unavailable
    2071859 - ovn-kube pods spec.dnsPolicy should be Default
    2071914 - cloud-network-config-controller 4.10.5:  Error building cloud provider client, err: %vfailed to initialize Azure environment: autorest/azure: There is no cloud environment matching the name ""
    2071998 - Cluster-version operator should share details of signature verification when it fails in 'Force: true' updates
    2072106 - cluster-ingress-operator tests do not build on go 1.18
    2072134 - Routes are not accessible within cluster from hostnet pods
    2072139 - vsphere driver has permissions to create/update PV objects
    2072154 - Secondary Scheduler operator panics
    2072171 - Test "[sig-network][Feature:EgressFirewall] EgressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]" fails
    2072195 - machine api doesn't issue client cert when AWS DNS suffix missing
    2072215 - Whereabouts ip-reconciler should be opt-in and not required
    2072389 - CVO exits upgrade immediately rather than waiting for etcd backup
    2072439 - openshift-cloud-network-config-controller reports wrong range of IP addresses for Azure worker nodes
    2072455 - make bundle overwrites supported-nic-ids_v1_configmap.yaml
    2072570 - The namespace titles for operator-install-single-namespace test keep changing
    2072710 - Perfscale - pods time out waiting for OVS port binding (ovn-installed)
    2072766 - Cluster Network Operator stuck in CrashLoopBackOff when scheduled to same master
    2072780 - OVN kube-master does not clear NetworkUnavailableCondition on GCP BYOH Windows node
    2072793 - Drop "Used Filesystem" from "Virtualization -> Overview"
    2072805 - Observe > Dashboards: $__range variables cause PromQL query errors
    2072807 - Observe > Dashboards: Missing panel.styles attribute for table panels causes JS error
    2072842 - (release-4.11) Gather namespace names with overlapping UID ranges
    2072883 - sometimes monitoring dashboards charts can not be loaded successfully
    2072891 - Update gcp-pd-csi-driver to 1.5.1;
    2072911 - panic observed in kubedescheduler operator
    2072924 - periodic-ci-openshift-release-master-ci-4.11-e2e-azure-techpreview-serial
    2072957 - ContainerCreateError loop leads to several thousand empty logfiles in the file system
    2072998 - update aws-efs-csi-driver to the latest version
    2072999 - Navigate from logs of selected Tekton task instead of last one
    2073021 - [vsphere] Failed to update OS on master nodes
    2073112 - Prometheus (uwm) externalLabels not showing always in alerts. 
    2073113 - Warning is logged to the console: W0407 Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. 
    2073176 - removing data in form does not remove data from yaml editor
    2073197 - Error in Spoke/SNO agent: Source image rejected: A signature was required, but no signature exists
    2073329 - Pipelines-plugin- Having different title for Pipeline Runs tab, on Pipeline Details page it's "PipelineRuns" and on Repository Details page it's "Pipeline Runs". 
    2073373 - Update azure-disk-csi-driver to 1.16.0
    2073378 - failed egressIP assignment - cloud-network-config-controller does not delete failed cloudprivateipconfig
    2073398 - machine-api-provider-openstack does not clean up OSP ports after failed server provisioning
    2073436 - Update azure-file-csi-driver to v1.14.0
    2073437 - Topology performance: Firehose/useK8sWatchResources cache can return unexpected data format if isList differs on multiple calls
    2073452 - [sig-network] pods should successfully create sandboxes by other - failed (add)
    2073473 - [OVN SCALE][ovn-northd] Unnecessary SB record no-op changes added to SB transaction. 
    2073522 - Update ibm-vpc-block-csi-driver to v4.2.0
    2073525 - Update vpc-node-label-updater to v4.1.2
    2073901 - Installation failed due to etcd operator Err:DefragControllerDegraded: failed to dial endpoint https://10.0.0.7:2379 with maintenance client: context canceled
    2073937 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for UMW
    2073938 - APIRemovedInNextEUSReleaseInUse alert for runtimeclasses
    2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies
    2073972 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for platform monitoring
    2074009 - [OVN] ovn-northd doesn't clean Chassis_Private record after scale down to 0 a machineSet
    2074031 - Admins should be able to tune garbage collector aggressiveness (GOGC) for kube-apiserver if necessary
    2074062 - Node Tuning Operator(NTO) - Cloud provider profile rollback doesn't work well
    2074084 - CMO metrics not visible in the OCP webconsole UI
    2074100 - CRD filtering according to name broken
    2074210 - asia-south2, australia-southeast2, and southamerica-west1Missing from GCP regions
    2074237 - oc new-app --image-stream flag behavior is unclear
    2074243 - DefaultPlacement API allow empty enum value and remove default
    2074447 - cluster-dashboard: CPU Utilisation iowait and steal
    2074465 - PipelineRun fails in import from Git flow if "main" branch is default
    2074471 - Cannot delete namespace with a LB type svc and Kuryr when ExternalCloudProvider is enabled
    2074475 - [e2e][automation] kubevirt plugin cypress tests fail
    2074483 - coreos-installer doesnt work on Dell machines
    2074544 - e2e-metal-ipi-ovn-ipv6 failing due to recent CEO changes
    2074585 - MCG standalone deployment page goes blank when the KMS option is enabled
    2074606 - occm does not have permissions to annotate SVC objects
    2074612 - Operator fails to install due to service name lookup failure
    2074613 - nodeip-configuration container incorrectly attempts to relabel /etc/systemd/system
    2074635 - Unable to start Web Terminal after deleting existing instance
    2074659 - AWS installconfig ValidateForProvisioning always provides blank values to validate zone records
    2074706 - Custom EC2 endpoint is not considered by AWS EBS CSI driver
    2074710 - Transition to go-ovirt-client
    2074756 - Namespace column provide wrong data in ClusterRole Details -> Rolebindings tab
    2074767 - Metrics page show incorrect values due to metrics level config
    2074807 - NodeFilesystemSpaceFillingUp alert fires even before kubelet GC kicks in
    2074902 - oc debug node/nodename ? chroot /host somecommand should exit with non-zero when the sub-command failed
    2075015 - etcd-guard connection refused event repeating pathologically (payload blocking)
    2075024 - Metal upgrades permafailing on metal3 containers crash looping
    2075050 - oc-mirror fails to calculate between two channels with different prefixes for the same version of OCP
    2075091 - Symptom Detection.Undiagnosed panic detected in pod
    2075117 - Developer catalog: Order dropdown (A-Z, Z-A) is miss-aligned (in a separate row)
    2075149 - Trigger Translations When Extensions Are Updated
    2075189 - Imports from dynamic-plugin-sdk lead to failed module resolution errors
    2075459 - Set up cluster on aws with rootvolumn io2 failed due to no iops despite it being configured
    2075475 - OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn't work
    2075478 - Bump documentationBaseURL to 4.11
    2075491 - nmstate operator cannot be upgraded on SNO
    2075575 - Local Dev Env - Prometheus 404 Call errors spam the console
    2075584 - improve clarity of build failure messages when using csi shared resources but tech preview is not enabled
    2075592 - Regression - Top of the web terminal drawer is missing a stroke/dropshadow
    2075621 - Cluster upgrade.[sig-mco] Machine config pools complete upgrade
    2075647 - 'oc adm upgrade ...' POSTs ClusterVersion, clobbering any unrecognized spec properties
    2075671 - Cluster Ingress Operator K8S API cache contains duplicate objects
    2075778 - Fix failing TestGetRegistrySamples test
    2075873 - Bump recommended FCOS to 35.20220327.3.0
    2076193 - oc patch command for the liveness probe and readiness probe parameters of an OpenShift router deployment doesn't take effect
    2076270 - [OCPonRHV] MachineSet scale down operation fails to delete the worker VMs
    2076277 - [RFE] [OCPonRHV] Add storage domain ID valueto Compute/ControlPlain section in the machine object
    2076290 - PTP operator readme missing documentation on BC setup via PTP config
    2076297 - Router process ignores shutdown signal while starting up
    2076323 - OLM blocks all operator installs if an openshift-marketplace catalogsource is unavailable
    2076355 - The KubeletConfigController wrongly process multiple confs for a pool after having kubeletconfig in bootstrap
    2076393 - [VSphere] survey fails to list datacenters
    2076521 - Nodes in the same zone are not updated in the right order
    2076527 - Pipeline Builder: Make unnecessary tekton hub API calls when the user types 'too fast'
    2076544 - Whitespace (padding) is missing after an PatternFly update, already in 4.10
    2076553 - Project access view replace group ref with user ref when updating their Role
    2076614 - Missing Events component from the SDK API
    2076637 - Configure metrics for vsphere driver to be reported
    2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters
    2076793 - CVO exits upgrade immediately rather than waiting for etcd backup
    2076831 - [ocp4.11]Mem/cpu high utilization by apiserver/etcd for cluster stayed 10 hours
    2076877 - network operator tracker to switch to use flowcontrol.apiserver.k8s.io/v1beta2 instead v1beta1 to be deprecated in k8s 1.26
    2076880 - OKD: add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it
    2076975 - Metric unset during static route conversion in configure-ovs.sh
    2076984 - TestConfigurableRouteNoConsumingUserNoRBAC fails in CI
    2077050 - OCP should default to pd-ssd disk type on GCP
    2077150 - Breadcrumbs on a few screens don't have correct top margin spacing
    2077160 - Update owners for openshift/cluster-etcd-operator
    2077357 - [release-4.11] 200ms packet delay with OVN controller turn on
    2077373 - Accessibility warning on developer perspective
    2077386 - Import page shows untranslated values for the route advanced routing>security options (devconsole~Edge)
    2077457 - failure in test case "[sig-network][Feature:Router] The HAProxy router should serve the correct routes when running with the haproxy config manager"
    2077497 - Rebase etcd to 3.5.3 or later
    2077597 - machine-api-controller is not taking the proxy configuration when it needs to reach the RHV API
    2077599 - OCP should alert users if they are on vsphere version <7.0.2
    2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster
    2077797 - LSO pods don't have any resource requests
    2077851 - "make vendor" target is not working
    2077943 - If there is a service with multiple ports, and the route uses 8080, when editing the 8080 port isn't replaced, but a random port gets replaced and 8080 still stays
    2077994 - Publish RHEL CoreOS AMIs in AWS ap-southeast-3 region
    2078013 - drop multipathd.socket workaround
    2078375 - When using the wizard with template using data source the resulting vm use pvc source
    2078396 - [OVN AWS] EgressIP was not balanced to another egress node after original node was removed egress label
    2078431 - [OCPonRHV] - ERROR failed to instantiate provider "openshift/local/ovirt" to obtain schema:  ERROR fork/exec
    2078526 - Multicast breaks after master node reboot/sync
    2078573 - SDN CNI -Fail to create nncp when vxlan is up
    2078634 - CRI-O not killing Calico CNI stalled (zombie) processes. 
    2078698 - search box may not completely remove content
    2078769 - Different not translated filter group names (incl. Secret, Pipeline, PIpelineRun)
    2078778 - [4.11] oc get ValidatingWebhookConfiguration,MutatingWebhookConfiguration fails and caused ?apiserver panic'd...http2: panic serving xxx.xx.xxx.21:49748: cannot deep copy int? when AllRequestBodies audit-profile is used. 
    2078781 - PreflightValidation does not handle multiarch images
    2078866 - [BM][IPI] Installation with bonds fail - DaemonSet "openshift-ovn-kubernetes/ovnkube-node" rollout is not making progress
    2078875 - OpenShift Installer fail to remove Neutron ports
    2078895 - [OCPonRHV]-"cow" unsupported value in format field in install-config.yaml
    2078910 - CNO spitting out ".spec.groups[0].rules[4].runbook_url: field not declared in schema"
    2078945 - Ensure only one apiserver-watcher process is active on a node. 
    2078954 - network-metrics-daemon makes costly global pod list calls scaling per node
    2078969 - Avoid update races between old and new NTO operands during cluster upgrades
    2079012 - egressIP not migrated to correct workers after deleting machineset it was assigned
    2079062 - Test for console demo plugin toast notification needs to be increased for ci testing
    2079197 - [RFE] alert when more than one default storage class is detected
    2079216 - Partial cluster update reference doc link returns 404
    2079292 - containers prometheus-operator/kube-rbac-proxy violate PodSecurity
    2079315 - (release-4.11) Gather ODF config data with Insights
    2079422 - Deprecated 1.25 API call
    2079439 - OVN Pods Assigned Same IP Simultaneously
    2079468 - Enhance the waitForIngressControllerCondition for better CI results
    2079500 - okd-baremetal-install uses fcos for bootstrap but rhcos for cluster
    2079610 - Opeatorhub status shows errors
    2079663 - change default image features in RBD storageclass
    2079673 - Add flags to disable migrated code
    2079685 - Storageclass creation page with "Enable encryption" is not displaying saved KMS connection details when vaulttenantsa details are available in csi-kms-details config
    2079724 - cluster-etcd-operator - disable defrag-controller as there is unpredictable impact on large OpenShift Container Platform 4 - Cluster
    2079788 - Operator restarts while applying the acm-ice example
    2079789 - cluster drops ImplicitlyEnabledCapabilities during upgrade
    2079803 - Upgrade-triggered etcd backup will be skip during serial upgrade
    2079805 - Secondary scheduler operator should comply to restricted pod security level
    2079818 - Developer catalog installation overlay (modal?) shows a duplicated padding
    2079837 - [RFE] Hub/Spoke example with daemonset
    2079844 - EFS cluster csi driver status stuck in AWSEFSDriverCredentialsRequestControllerProgressing with sts installation
    2079845 - The Event Sinks catalog page now has a blank space on the left
    2079869 - Builds for multiple kernel versions should be ran in parallel when possible
    2079913 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN endpointslices
    2079961 - The search results accordion has no spacing between it and the side navigation bar. 
    2079965 - [rebase v1.24]  [sig-node] PodOSRejection [NodeConformance] Kubelet should reject pod when the node OS doesn't match pod's OS [Suite:openshift/conformance/parallel] [Suite:k8s]
    2080054 - TAGS arg for installer-artifacts images is not propagated to build images
    2080153 - aws-load-balancer-operator-controller-manager pod stuck in ContainerCreating status
    2080197 - etcd leader changes produce test churn during early stage of test
    2080255 - EgressIP broken on AWS with OpenShiftSDN / latest nightly build
    2080267 - [Fresh Installation] Openshift-machine-config-operator namespace is flooded with events related to clusterrole, clusterrolebinding
    2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
    2080379 - Group all e2e tests as parallel or serial
    2080387 - Visual connector not appear between the node if a node get created using "move connector" to a different application
    2080416 - oc bash-completion problem
    2080429 - CVO must ensure non-upgrade related changes are saved when desired payload fails to load
    2080446 - Sync ironic images with latest bug fixes packages
    2080679 - [rebase v1.24] [sig-cli] test failure
    2080681 - [rebase v1.24]  [sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel]
    2080687 - [rebase v1.24]  [sig-network][Feature:Router] tests are failing
    2080873 - Topology graph crashes after update to 4.11 when Layout 2 (ColaForce) was selected previously
    2080964 - Cluster operator special-resource-operator is always in Failing state with reason: "Reconciling simple-kmod"
    2080976 - Avoid hooks config maps when hooks are empty
    2081012 - [rebase v1.24]  [sig-devex][Feature:OpenShiftControllerManager] TestAutomaticCreationOfPullSecrets [Suite:openshift/conformance/parallel]
    2081018 - [rebase v1.24] [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available
    2081021 - [rebase v1.24] [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources
    2081062 - Unrevert RHCOS back to 8.6
    2081067 - admin dev-console /settings/cluster should point out history may be excerpted
    2081069 - [sig-network] pods should successfully create sandboxes by adding pod to network
    2081081 - PreflightValidation "odd number of arguments passed as key-value pairs for logging" error
    2081084 - [rebase v1.24] [sig-instrumentation] Events API should ensure that an event can be fetched, patched, deleted, and listed
    2081087 - [rebase v1.24] [sig-auth] ServiceAccounts should allow opting out of API token automount
    2081119 - oc explain output of default overlaySize is outdated
    2081172 - MetallLB: YAML view in webconsole does not show all the available key value pairs of all the objects
    2081201 - cloud-init User check for Windows VM refuses to accept capitalized usernames
    2081447 - Ingress operator performs spurious updates in response to API's defaulting of router deployment's router container's ports' protocol field
    2081562 - lifecycle.posStart hook does not have network connectivity. 
    2081685 - Typo in NNCE Conditions
    2081743 - [e2e] tests failing
    2081788 - MetalLB: the crds are not validated until metallb is deployed
    2081821 - SpecialResourceModule CRD is not installed after deploying SRO operator using brew bundle image via OLM
    2081895 - Use the managed resource (and not the manifest) for resource health checks
    2081997 - disconnected insights operator remains degraded after editing pull secret
    2082075 - Removing huge amount of ports takes a lot of time. 
    2082235 - CNO exposes a generic apiserver that apparently does nothing
    2082283 - Transition to new oVirt Terraform provider
    2082360 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni
    2082380 - [4.10.z] customize wizard is crashed
    2082403 - [LSO] No new build local-storage-operator-metadata-container created
    2082428 - oc patch healthCheckInterval with invalid "5 s" to the ingress-controller successfully
    2082441 - [UPI] aws-load-balancer-operator-controller-manager failed to get VPC ID in UPI on AWS
    2082492 - [IPI IBM]Can't create image-registry-private-configuration secret with error "specified resource key credentials does not contain HMAC keys"
    2082535 - [OCPonRHV]-workers are cloned when "clone: false" is specified in install-config.yaml
    2082538 - apirequests limits of Cluster CAPI Operator are too low for GCP platform
    2082566 - OCP dashboard fails to load when the query to Prometheus takes more than 30s to return
    2082604 - [IBMCloud][x86_64] IBM VPC does not properly support RHCOS Custom Image tagging
    2082667 - No new machines provisioned while machineset controller drained old nodes for change to machineset
    2082687 - [IBM Cloud][x86_64][CCCMO] IBM x86_64 CCM using unsupported --port argument
    2082763 - Cluster install stuck on the applying for operatorhub "cluster"
    2083149 - "Update blocked" label incorrectly displays on new minor versions in the "Other available paths" modal
    2083153 - Unable to use application credentials for Manila PVC creation on OpenStack
    2083154 - Dynamic plugin sdk tsdoc generation does not render docs for parameters
    2083219 - DPU network operator doesn't deal with c1... inteface names
    2083237 - [vsphere-ipi] Machineset scale up process delay
    2083299 - SRO does not fetch mirrored DTK images in disconnected clusters
    2083445 - [FJ OCP4.11 Bug]: RAID setting during IPI cluster deployment fails if iRMC port number is specified
    2083451 - Update external serivces URLs to console.redhat.com
    2083459 - Make numvfs > totalvfs error message more verbose
    2083466 - Failed to create clusters on AWS C2S/SC2S due to image-registry MissingEndpoint error
    2083514 - Operator ignores managementState Removed
    2083641 - OpenShift Console Knative Eventing ContainerSource generates wrong api version when pointed to k8s Service
    2083756 - Linkify not upgradeable message on ClusterSettings page
    2083770 - Release image signature manifest filename extension is yaml
    2083919 - openshift4/ose-operator-registry:4.10.0 having security vulnerabilities
    2083942 - Learner promotion can temporarily fail with rpc not supported for learner errors
    2083964 - Sink resources dropdown is not persisted in form yaml switcher in event source creation form
    2083999 - "--prune-over-size-limit" is not working as expected
    2084079 - prometheus route is not updated to "path: /api" after upgrade from 4.10 to 4.11
    2084081 - nmstate-operator installed cluster on POWER shows issues while adding new dhcp interface
    2084124 - The Update cluster modal includes a broken link
    2084215 - Resource configmap "openshift-machine-api/kube-rbac-proxy" is defined by 2 manifests
    2084249 - panic in ovn pod from an e2e-aws-single-node-serial nightly run
    2084280 - GCP API Checks Fail if non-required APIs are not enabled
    2084288 - "alert/Watchdog must have no gaps or changes" failing after bump
    2084292 - Access to dashboard resources is needed in dynamic plugin SDK
    2084331 - Resource with multiple capabilities included unless all capabilities are disabled
    2084433 - Podsecurity violation error getting logged for ingresscontroller during deployment. 
    2084438 - Change Ping source spec.jsonData (deprecated) field  to spec.data
    2084441 - [IPI-Azure]fail to check the vm capabilities in install cluster
    2084459 - Topology list view crashes when switching from chart view after moving sink from knative service to uri
    2084463 - 5 control plane replica tests fail on ephemeral volumes
    2084539 - update azure arm templates to support customer provided vnet
    2084545 - [rebase v1.24] cluster-api-operator causes all techpreview tests to fail
    2084580 - [4.10] No cluster name sanity validation - cluster name with a dot (".") character
    2084615 - Add to navigation option on search page is not properly aligned
    2084635 - PipelineRun creation from the GUI for a Pipeline with 2 workspaces hardcode the PVC storageclass
    2084732 - A special resource that was created in OCP 4.9 can't be deleted after an upgrade to 4.10
    2085187 - installer-artifacts fails to build with go 1.18
    2085326 - kube-state-metrics is tripping APIRemovedInNextEUSReleaseInUse
    2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated
    2085380 - [IPI-Azure] Incorrect error prompt validate VM image and instance HyperV gen match when install cluster
    2085407 - There is no Edit link/icon for labels on Node details page
    2085721 - customization controller image name is wrong
    2086056 - Missing doc for OVS HW offload
    2086086 - Update Cluster Sample Operator dependencies and libraries for OCP 4.11
    2086092 - update kube to v.24
    2086143 - CNO uses too much memory
    2086198 - Cluster CAPI Operator creates unnecessary defaulting webhooks
    2086301 - kubernetes nmstate pods are not running after creating instance
    2086408 - Podsecurity violation error getting logged for  externalDNS operand pods during deployment
    2086417 - Pipeline created from add flow has GIT Revision as required field
    2086437 - EgressQoS CRD not available
    2086450 - aws-load-balancer-controller-cluster pod logged Podsecurity violation error during deployment
    2086459 - oc adm inspect fails when one of resources not exist
    2086461 - CNO probes MTU unnecessarily in Hypershift, making cluster startup take too long
    2086465 - External identity providers should log login attempts in the audit trail
    2086469 - No data about title 'API Request Duration by Verb - 99th Percentile' display on the dashboard 'API Performance'
    2086483 - baremetal-runtimecfg k8s dependencies should be on a par with 1.24 rebase
    2086505 - Update oauth-server images to be consistent with ART
    2086519 - workloads must comply to restricted security policy
    2086521 - Icons of Knative actions are not clearly visible on the context menu in the dark mode
    2086542 - Cannot create service binding through drag and drop
    2086544 - ovn-k master daemonset on hypershift shouldn't log token
    2086546 - Service binding connector is not visible in the dark mode
    2086718 - PowerVS destroy code does not work
    2086728 - [hypershift] Move drain to controller
    2086731 - Vertical pod autoscaler operator needs a 4.11 bump
    2086734 - Update csi driver images to be consistent with ART
    2086737 - cloud-provider-openstack rebase to kubernetes v1.24
    2086754 - Cluster resource override operator needs a 4.11 bump
    2086759 - [IPI] OCP-4.11 baremetal - boot partition is not mounted on temporary directory
    2086791 - Azure: Validate UltraSSD instances in multi-zone regions
    2086851 - pods with multiple external gateways may only be have ECMP routes for one gateway
    2086936 - vsphere ipi should use cores by default instead of sockets
    2086958 - flaky e2e in kube-controller-manager-operator TestPodDisruptionBudgetAtLimitAlert
    2086959 - flaky e2e in kube-controller-manager-operator TestLogLevel
    2086962 - oc-mirror publishes metadata with --dry-run when publishing to mirror
    2086964 - oc-mirror fails on differential run when mirroring a package with multiple channels specified
    2086972 - oc-mirror does not error invalid metadata is passed to the describe command
    2086974 - oc-mirror does not work with headsonly for operator 4.8
    2087024 - The oc-mirror result mapping.txt is not correct , can?t be used by oc image mirror command
    2087026 - DTK's imagestream is missing from OCP 4.11 payload
    2087037 - Cluster Autoscaler should use K8s 1.24 dependencies
    2087039 - Machine API components should use K8s 1.24 dependencies
    2087042 - Cloud providers components should use K8s 1.24 dependencies
    2087084 - remove unintentional nic support
    2087103 - "Updating to release image" from 'oc' should point out that the cluster-version operator hasn't accepted the update
    2087114 - Add simple-procfs-kmod in modprobe example in README.md
    2087213 - Spoke BMH stuck "inspecting" when deployed via ZTP in 4.11 OCP hub
    2087271 - oc-mirror does not check for existing workspace when performing mirror2mirror synchronization
    2087556 - Failed to render DPU ovnk manifests
    2087579 - --keep-manifest-list=true does not work for oc adm release new , only pick up the linux/amd64 manifest from the manifest list
    2087680 - [Descheduler] Sync with sigs.k8s.io/descheduler
    2087684 - KCMO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile
    2087685 - KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile
    2087687 - MCO does not generate event when user applies Default -> LowUpdateSlowReaction WorkerLatencyProfile
    2087764 - Rewrite the registry backend will hit error
    2087771 - [tracker] NetworkManager 1.36.0 loses DHCP lease and doesn't try again
    2087772 - Bindable badge causes some layout issues with the side panel of bindable operator backed services
    2087942 - CNO references images that are divergent from ART
    2087944 - KafkaSink Node visualized incorrectly
    2087983 - remove etcd_perf before restore
    2087993 - PreflightValidation many "msg":"TODO: preflight checks" in the operator log
    2088130 - oc-mirror init does not allow for automated testing
    2088161 - Match dockerfile image name with the name used in the release repo
    2088248 - Create HANA VM does not use values from customized HANA templates
    2088304 - ose-console: enable source containers for open source requirements
    2088428 - clusteroperator/baremetal stays in progressing: Applying metal3 resources state on a fresh install
    2088431 - AvoidBuggyIPs field of addresspool should be removed
    2088483 - oc adm catalog mirror returns 0 even if there are errors
    2088489 - Topology list does not allow selecting an application group anymore (again)
    2088533 - CRDs for openshift.io should have subresource.status failes on sharedconfigmaps.sharedresource and sharedsecrets.sharedresource
    2088535 - MetalLB: Enable debug log level for downstream CI
    2088541 - Default CatalogSources in openshift-marketplace namespace keeps throwing pod security admission warnings would violate PodSecurity "restricted:v1.24"
    2088561 - BMH unable to start inspection: File name too long
    2088634 - oc-mirror does not fail when catalog is invalid
    2088660 - Nutanix IPI installation inside container failed
    2088663 - Better to change the default value of --max-per-registry to 6
    2089163 - NMState CRD out of sync with code
    2089191 - should remove grafana from cluster-monitoring-config configmap in hypershift cluster
    2089224 - openshift-monitoring/cluster-monitoring-config configmap always revert to default setting
    2089254 - CAPI operator: Rotate token secret if its older than 30 minutes
    2089276 - origin tests for egressIP and azure fail
    2089295 - [Nutanix]machine stuck in Deleting phase when delete a machineset whose replicas>=2 and machine is Provisioning phase on Nutanix
    2089309 - [OCP 4.11] Ironic inspector image fails to clean disks that are part of a multipath setup if they are passive paths
    2089334 - All cloud providers should use service account credentials
    2089344 - Failed to deploy simple-kmod
    2089350 - Rebase sdn to 1.24
    2089387 - LSO not taking mpath. ignoring device
    2089392 - 120 node baremetal upgrade from 4.9.29 --> 4.10.13  crashloops on machine-approver
    2089396 - oc-mirror does not show pruned image plan
    2089405 - New topology package shows gray build icons instead of green/red icons for builds and pipelines
    2089419 - do not block 4.10 to 4.11 upgrades if an existing CSI driver is found. Instead, warn about presence of third party CSI driver
    2089488 - Special resources are missing the managementState field
    2089563 - Update Power VS MAPI to use api's from openshift/api repo
    2089574 - UWM prometheus-operator pod can't start up due to no master node in hypershift cluster
    2089675 - Could not move Serverless Service without Revision (or while starting?)
    2089681 - [Hypershift] EgressIP doesn't work in hypershift guest cluster
    2089682 - Installer expects all nutanix subnets to have a cluster reference which is not the case for e.g. overlay networks
    2089687 - alert message of MCDDrainError needs to be updated for new drain controller
    2089696 - CR reconciliation is stuck in daemonset lifecycle
    2089716 - [4.11][reliability]one worker node became NotReady on which ovnkube-node pod's memory increased sharply
    2089719 - acm-simple-kmod fails to build
    2089720 - [Hypershift] ICSP doesn't work for the guest cluster
    2089743 - acm-ice fails to deploy: helm chart does not appear to be a gzipped archive
    2089773 - Pipeline status filter and status colors doesn't work correctly with non-english languages
    2089775 - keepalived can keep ingress VIP on wrong node under certain circumstances
    2089805 - Config duration metrics aren't exposed
    2089827 - MetalLB CI - backward compatible tests are failing due to the order of delete
    2089909 - PTP e2e testing not working on SNO cluster
    2089918 - oc-mirror skip-missing still returns 404 errors when images do not exist
    2089930 - Bump OVN to 22.06
    2089933 - Pods do not post readiness status on termination
    2089968 - Multus CNI daemonset should use hostPath mounts with type: directory
    2089973 - bump libs to k8s 1.24 for OCP 4.11
    2089996 - Unnecessary yarn install runs in e2e tests
    2090017 - Enable source containers to meet open source requirements
    2090049 - destroying GCP cluster which has a compute node without infra id in name would fail to delete 2 k8s firewall-rules and VPC network
    2090092 - Will hit error if specify the channel not the latest
    2090151 - [RHEL scale up] increase the wait time so that the node has enough time to get ready
    2090178 - VM SSH command generated by UI points at api VIP
    2090182 - [Nutanix]Create a machineset with invalid image, machine stuck in "Provisioning" phase
    2090236 - Only reconcile annotations and status for clusters
    2090266 - oc adm release extract is failing on mutli arch image
    2090268 - [AWS EFS] Operator not getting installed successfully on Hypershift Guest cluster
    2090336 - Multus logging should be disabled prior to release
    2090343 - Multus debug logging should be enabled temporarily for debugging podsandbox creation failures. 
    2090358 - Initiating drain log message is displayed before the drain actually starts
    2090359 - Nutanix mapi-controller: misleading error message when the failure is caused by wrong credentials
    2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z]
    2090430 - gofmt code
    2090436 - It takes 30min-60min to update the machine count in custom MachineConfigPools (MCPs) when a node is removed from the pool
    2090437 - Bump CNO to k8s 1.24
    2090465 - golang version mismatch
    2090487 - Change default SNO Networking Type and disallow OpenShiftSDN a supported networking Type
    2090537 - failure in ovndb migration when db is not ready in HA mode
    2090549 - dpu-network-operator shall be able to run on amd64 arch platform
    2090621 - Metal3 plugin does not work properly with updated NodeMaintenance CRD
    2090627 - Git commit and branch are empty in MetalLB log
    2090692 - Bump to latest 1.24 k8s release
    2090730 - must-gather should include multus logs. 
    2090731 - nmstate deploys two instances of webhook on a single-node cluster
    2090751 - oc image mirror skip-missing flag does not skip images
    2090755 - MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers
    2090774 - Add Readme to plugin directory
    2090794 - MachineConfigPool cannot apply a configuration after fixing the pods that caused a drain alert
    2090809 - gm.ClockClass  invalid syntax parse error in linux ptp daemon logs
    2090816 - OCP 4.8 Baremetal IPI installation failure: "Bootstrap failed to complete: timed out waiting for the condition"
    2090819 - oc-mirror does not catch invalid registry input when a namespace is specified
    2090827 - Rebase CoreDNS to 1.9.2 and k8s 1.24
    2090829 - Bump OpenShift router to k8s 1.24
    2090838 - Flaky test: ignore flapping host interface 'tunbr'
    2090843 - addLogicalPort() performance/scale optimizations
    2090895 - Dynamic plugin nav extension "startsWith" property does not work
    2090929 - [etcd] cluster-backup.sh script has a conflict to use the '/etc/kubernetes/static-pod-certs' folder if a custom API certificate is defined
    2090993 - [AI Day2] Worker node overview page crashes in Openshift console with TypeError
    2091029 - Cancel rollout action only appears when rollout is completed
    2091030 - Some BM may fail booting with default bootMode strategy
    2091033 - [Descheduler]: provide ability to override included/excluded namespaces
    2091087 - ODC Helm backend Owners file needs updates
    2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
    2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
    2091167 - IPsec runtime enabling not work in hypershift
    2091218 - Update Dev Console Helm backend to use helm 3.9.0
    2091433 - Update AWS instance types
    2091542 - Error Loading/404 not found page shown after clicking "Current namespace only"
    2091547 - Internet connection test with proxy permanently fails
    2091567 - oVirt CSI driver should use latest go-ovirt-client
    2091595 - Alertmanager configuration can't use OpsGenie's entity field when AlertmanagerConfig is enabled
    2091599 - PTP Dual Nic  | Extend Events 4.11 - Up/Down master interface affects all the other interface in the same NIC accoording the events and metric
    2091603 - WebSocket connection restarts when switching tabs in WebTerminal
    2091613 - simple-kmod fails to build due to missing KVC
    2091634 - OVS 2.15 stops handling traffic once ovs-dpctl(2.17.2) is used against it
    2091730 - MCO e2e tests are failing with "No token found in openshift-monitoring secrets"
    2091746 - "Oh no! Something went wrong" shown after user creates MCP without 'spec'
    2091770 - CVO gets stuck downloading an upgrade, with the version pod complaining about invalid options
    2091854 - clusteroperator status filter doesn't match all values in Status column
    2091901 - Log stream paused right after updating log lines in Web Console in OCP4.10
    2091902 - unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server has received too many requests and has asked us to try again later
    2091990 - wrong external-ids for ovn-controller lflow-cache-limit-kb
    2092003 - PR 3162 | BZ 2084450 - invalid URL schema for AWS causes tests to perma fail and break the cloud-network-config-controller
    2092041 - Bump cluster-dns-operator to k8s 1.24
    2092042 - Bump cluster-ingress-operator to k8s 1.24
    2092047 - Kube 1.24 rebase for cloud-network-config-controller
    2092137 - Search doesn't show all entries when name filter is cleared
    2092296 - Change Default MachineCIDR of Power VS Platform from 10.x to 192.168.0.0/16
    2092390 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown
    2092395 - etcdHighNumberOfFailedGRPCRequests alerts with wrong results
    2092408 - Wrong icon is used in the virtualization overview permissions card
    2092414 - In virtualization overview "running vm per templates" template list can be improved
    2092442 - Minimum time between drain retries is not the expected one
    2092464 - marketplace catalog defaults to v4.10
    2092473 - libovsdb performance backports
    2092495 - ovn: use up to 4 northd threads in non-SNO clusters
    2092502 - [azure-file-csi-driver] Stop shipping a NFS StorageClass
    2092509 - Invalid memory address error if non existing caBundle is configured in DNS-over-TLS using ForwardPlugins
    2092572 - acm-simple-kmod chart should create the namespace on the spoke cluster
    2092579 - Don't retry pod deletion if objects are not existing
    2092650 - [BM IPI with Provisioning Network] Worker nodes are not provisioned: ironic-agent is stuck before writing into disks
    2092703 - Incorrect mount propagation information in container status
    2092815 - can't delete the unwanted image from registry by oc-mirror
    2092851 - [Descheduler]: allow to customize the LowNodeUtilization strategy thresholds
    2092867 - make repository name unique in acm-ice/acm-simple-kmod examples
    2092880 - etcdHighNumberOfLeaderChanges returns incorrect number of leadership changes
    2092887 - oc-mirror list releases command uses filter-options flag instead of filter-by-os
    2092889 - Incorrect updating of EgressACLs using direction "from-lport"
    2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
    2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
    2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
    2092928 - CVE-2022-26945 go-getter: command injection vulnerability
    2092937 - WebScale: OVN-k8s forwarding to external-gw over the secondary interfaces failing
    2092966 - [OCP 4.11] [azure] /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
    2093044 - Azure machine-api-provider-azure Availability Set Name Length Limit
    2093047 - Dynamic Plugins: Generated API markdown duplicates checkAccess and useAccessReview doc
    2093126 - [4.11] Bootimage bump tracker
    2093236 - DNS operator stopped reconciling after 4.10 to 4.11 upgrade | 4.11 nightly to 4.11 nightly upgrade
    2093288 - Default catalogs fails liveness/readiness probes
    2093357 - Upgrading sno spoke with acm-ice, causes the sno to get unreachable
    2093368 - Installer orphans FIPs created for LoadBalancer Services on cluster destroy
    2093396 - Remove node-tainting for too-small MTU
    2093445 - ManagementState reconciliation breaks SR
    2093454 - Router proxy protocol doesn't work with dual-stack (IPv4 and IPv6) clusters
    2093462 - Ingress Operator isn't reconciling the ingress cluster operator object
    2093586 - Topology: Ctrl+space opens the quick search modal, but doesn't close it again
    2093593 - Import from Devfile shows configuration options that shoudn't be there
    2093597 - Import: Advanced option sentence is splited into two parts and headlines has no padding
    2093600 - Project access tab should apply new permissions before it delete old ones
    2093601 - Project access page doesn't allow the user to update the settings twice (without manually reload the content)
    2093783 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.24
    2093797 - 'oc registry login' with serviceaccount function need update
    2093819 - An etcd member for a new machine was never added to the cluster
    2093930 - Gather console helm install  totals metric
    2093957 - Oc-mirror write dup metadata to registry backend
    2093986 - Podsecurity violation error getting logged for pod-identity-webhook
    2093992 - Cluster version operator acknowledges upgrade failing on periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-upgrade-ovn-ipv6
    2094023 - Add Git Flow - Template Labels for Deployment show as DeploymentConfig
    2094024 - bump oauth-apiserver deps to include 1.23.1 k8s that fixes etcd blips
    2094039 - egressIP panics with nil pointer dereference
    2094055 - Bump coreos-installer for s390x Secure Execution
    2094071 - No runbook created for SouthboundStale alert
    2094088 - Columns in NBDB may never be updated by OVNK
    2094104 - Demo dynamic plugin image tests should be skipped when testing console-operator
    2094152 - Alerts in the virtualization overview status card aren't filtered
    2094196 - Add default and validating webhooks for Power VS MAPI
    2094227 - Topology: Create Service Binding should not be the last option (even under delete)
    2094239 - custom pool Nodes with 0 nodes are always populated in progress bar
    2094303 - If og is configured with sa, operator installation will be failed. 
    2094335 - [Nutanix] - debug logs are enabled by default in machine-controller
    2094342 - apirequests limits of Cluster CAPI Operator are too low for Azure platform
    2094438 - Make AWS URL parsing more lenient for GetNodeEgressIPConfiguration
    2094525 - Allow automatic upgrades for efs operator
    2094532 - ovn-windows CI jobs are broken
    2094675 - PTP Dual Nic  | Extend Events 4.11 - when kill the phc2sys We have notification for the ptp4l physical master moved to free run
    2094694 - [Nutanix] No cluster name sanity validation - cluster name with a dot (".") character
    2094704 - Verbose log activated on kube-rbac-proxy in deployment prometheus-k8s
    2094801 - Kuryr controller keep restarting when handling IPs with leading zeros
    2094806 - Machine API oVrit component should use K8s 1.24 dependencies
    2094816 - Kuryr controller restarts when over quota
    2094833 - Repository overview page does not show default PipelineRun template for developer user
    2094857 - CloudShellTerminal loops indefinitely if DevWorkspace CR goes into failed state
    2094864 - Rebase CAPG to latest changes
    2094866 - oc-mirror does not always delete all manifests associated with an image during pruning
    2094896 - Run 'openshift-install agent create image' has segfault exception if cluster-manifests directory missing
    2094902 - Fix installer cross-compiling
    2094932 - MGMT-10403 Ingress should enable single-node cluster expansion on upgraded clusters
    2095049 - managed-csi StorageClass does not create PVs
    2095071 - Backend tests fails after devfile registry update
    2095083 - Observe > Dashboards: Graphs may change a lot on automatic refresh
    2095110 - [ovn] northd container termination script must use bash
    2095113 - [ovnkube] bump to openvswitch2.17-2.17.0-22.el8fdp
    2095226 - Added changes to verify cloud connection and dhcpservices quota of a powervs instance
    2095229 - ingress-operator pod in CrashLoopBackOff in 4.11 after upgrade starting in 4.6 due to go panic
    2095231 - Kafka Sink sidebar in topology is empty
    2095247 - Event sink form doesn't show channel as sink until app is refreshed
    2095248 - [vSphere-CSI-Driver] does not report volume count limits correctly caused pod with multi volumes maybe schedule to not satisfied volume count node
    2095256 - Samples Owner needs to be Updated
    2095264 - ovs-configuration.service fails with Error: Failed to modify connection 'ovs-if-br-ex': failed to update connection: error writing to file '/etc/NetworkManager/systemConnectionsMerged/ovs-if-br-ex.nmconnection'
    2095362 - oVirt CSI driver operator should use latest go-ovirt-client
    2095574 - e2e-agnostic CI job fails
    2095687 - Debug Container shown for build logs and on click ui breaks
    2095703 - machinedeletionhooks doesn't work in vsphere cluster and BM cluster
    2095716 - New PSA component for Pod Security Standards enforcement is refusing openshift-operators ns
    2095756 - CNO panics with concurrent map read/write
    2095772 - Memory requests for ovnkube-master containers are over-sized
    2095917 - Nutanix set osDisk with diskSizeGB rather than diskSizeMiB
    2095941 - DNS Traffic not kept local to zone or node when Calico SDN utilized
    2096053 - Builder Image icons in Git Import flow are hard to see in Dark mode
    2096226 - crio fails to bind to tentative IP, causing service failure since RHOCS was rebased on RHEL 8.6
    2096315 - NodeClockNotSynchronising alert's severity should be critical
    2096350 - Web console doesn't display webhook errors for upgrades
    2096352 - Collect whole journal in gather
    2096380 - acm-simple-kmod references deprecated KVC example
    2096392 - Topology node icons are not properly visible in Dark mode
    2096394 - Add page Card items background color does not match with column background color in Dark mode
    2096413 - br-ex not created due to default bond interface having a different mac address than expected
    2096496 - FIPS issue on OCP SNO with RT Kernel via performance profile
    2096605 - [vsphere] no validation checking for diskType
    2096691 - [Alibaba 4.11] Specifying ResourceGroup id in install-config.yaml, New pv are still getting created to default ResourceGroups
    2096855 - oc adm release new failed with error when use  an existing  multi-arch release image as input
    2096905 - Openshift installer should not use the prism client embedded in nutanix terraform provider
    2096908 - Dark theme issue in pipeline builder, Helm rollback form, and Git import
    2097000 - KafkaConnections disappear from Topology after creating KafkaSink in Topology
    2097043 - No clean way to specify operand issues to KEDA OLM operator
    2097047 - MetalLB:  matchExpressions used in CR like L2Advertisement, BGPAdvertisement, BGPPeers allow duplicate entries
    2097067 - ClusterVersion history pruner does not always retain initial completed update entry
    2097153 - poor performance on API call to vCenter ListTags with thousands of tags
    2097186 - PSa autolabeling in 4.11 env upgraded from 4.10 does not work due to missing RBAC objects
    2097239 - Change Lower CPU limits for Power VS cloud
    2097246 - Kuryr: verify and unit jobs failing due to upstream OpenStack dropping py36 support
    2097260 - openshift-install create manifests failed for Power VS platform
    2097276 - MetalLB CI deploys the operator via manifests and not using the csv
    2097282 - chore: update external-provisioner to the latest upstream release
    2097283 - chore: update external-snapshotter to the latest upstream release
    2097284 - chore: update external-attacher to the latest upstream release
    2097286 - chore: update node-driver-registrar to the latest upstream release
    2097334 - oc plugin help shows 'kubectl'
    2097346 - Monitoring must-gather doesn't seem to be working anymore in 4.11
    2097400 - Shared Resource CSI Driver needs additional permissions for validation webhook
    2097454 - Placeholder bug for OCP 4.11.0 metadata release
    2097503 - chore: rebase against latest external-resizer
    2097555 - IngressControllersNotUpgradeable: load balancer service has been modified; changes must be reverted before upgrading
    2097607 - Add Power VS support to Webhooks tests in actuator e2e test
    2097685 - Ironic-agent can't restart because of existing container
    2097716 - settings under httpConfig is dropped with AlertmanagerConfig v1beta1
    2097810 - Required Network tools missing for Testing e2e PTP
    2097832 - clean up unused IPv6DualStackNoUpgrade feature gate
    2097940 - openshift-install destroy cluster traps if vpcRegion not specified
    2097954 - 4.11 installation failed at monitoring and network clusteroperators with error "conmon: option parsing failed: Unknown option --log-global-size-max" making all jobs failing
    2098172 - oc-mirror does not validatethe registry in the storage config
    2098175 - invalid license in python-dataclasses-0.8-2.el8 spec
    2098177 - python-pint-0.10.1-2.el8 has unused Patch0 in spec file
    2098242 - typo in SRO specialresourcemodule
    2098243 - Add error check to Platform create for Power VS
    2098392 - [OCP 4.11] Ironic cannot match "wwn" rootDeviceHint for a multipath device
    2098508 - Control-plane-machine-set-operator report panic
    2098610 - No need to check the push permission with ?manifests-only option
    2099293 - oVirt cluster API provider should use latest go-ovirt-client
    2099330 - Edit application grouping is shown to user with view only access in a cluster
    2099340 - CAPI e2e tests for AWS are missing
    2099357 - ovn-kubernetes needs explicit RBAC coordination leases for 1.24 bump
    2099358 - Dark mode+Topology update: Unexpected selected+hover border and background colors for app groups
    2099528 - Layout issue: No spacing in delete modals
    2099561 - Prometheus returns HTTP 500 error on /favicon.ico
    2099582 - Format and update Repository overview content
    2099611 - Failures on etcd-operator watch channels
    2099637 - Should print error when use --keep-manifest-list\xfalse for manifestlist image
    2099654 - Topology performance: Endless rerender loop when showing a Http EventSink (KameletBinding)
    2099668 - KubeControllerManager should degrade when GC stops working
    2099695 - Update CAPG after rebase
    2099751 - specialresourcemodule stacktrace while looping over build status
    2099755 - EgressIP node's mgmtIP reachability configuration option
    2099763 - Update icons for event sources and sinks in topology, Add page, and context menu
    2099811 - UDP Packet loss in OpenShift using IPv6 [upcall]
    2099821 - exporting a pointer for the loop variable
    2099875 - The speaker won't start if there's another component on the host listening on 8080
    2099899 - oc-mirror looks for layers in the wrong repository when searching for release images during publishing
    2099928 - [FJ OCP4.11 Bug]: Add unit tests to image_customization_test file
    2099968 - [Azure-File-CSI] failed to provisioning volume in ARO cluster
    2100001 - Sync upstream v1.22.0 downstream
    2100007 - Run bundle-upgrade failed from the traditional File-Based Catalog installed operator
    2100033 - OCP 4.11 IPI - Some csr remain "Pending" post deployment
    2100038 - failure to update special-resource-lifecycle table during update Event
    2100079 - SDN needs explicit RBAC coordination leases for 1.24 bump
    2100138 - release info --bugs has no differentiator between Jira and Bugzilla
    2100155 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation
    2100159 - Dark theme: Build icon for pending status is not inverted in topology sidebar
    2100323 - Sqlit-based catsrc cannot be ready due to "Error: open ./db-xxxx: permission denied"
    2100347 - KASO retains old config values when switching from Medium/Default to empty worker latency profile
    2100356 - Remove Condition tab and create option from console as it is deprecated in OSP-1.8
    2100439 - [gce-pd] GCE PD in-tree storage plugin tests not running
    2100496 - [OCPonRHV]-oVirt API returns affinity groups without a description field
    2100507 - Remove redundant log lines from obj_retry.go
    2100536 - Update API to allow EgressIP node reachability check
    2100601 - Update CNO to allow EgressIP node reachability check
    2100643 - [Migration] [GCP]OVN can not rollback to SDN
    2100644 - openshift-ansible FTBFS on RHEL8
    2100669 - Telemetry should not log the full path if it contains a username
    2100749 - [OCP 4.11] multipath support needs multipath modules
    2100825 - Update machine-api-powervs go modules to latest version
    2100841 - tiny openshift-install usability fix for setting KUBECONFIG
    2101460 - An etcd member for a new machine was never added to the cluster
    2101498 - Revert Bug 2082599: add upper bound to number of failed attempts
    2102086 - The base image is still 4.10 for operator-sdk 1.22
    2102302 - Dummy bug for 4.10 backports
    2102362 - Valid regions should be allowed in GCP install config
    2102500 - Kubernetes NMState pods can not evict due to PDB on an SNO cluster
    2102639 - Drain happens before other image-registry pod is ready to service requests, causing disruption
    2102782 - topolvm-controller get into CrashLoopBackOff few minutes after install
    2102834 - [cloud-credential-operator]container has runAsNonRoot and image will run as root
    2102947 - [VPA] recommender is logging errors for pods with init containers
    2103053 - [4.11] Backport Prow CI improvements from master
    2103075 - Listing secrets in all namespaces with a specific labelSelector does not work properly
    2103080 - br-ex not created due to default bond interface having a different mac address than expected
    2103177 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces
    2103728 - Carry HAProxy patch 'BUG/MEDIUM: h2: match absolute-path not path-absolute for :path'
    2103749 - MachineConfigPool is not getting updated
    2104282 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec
    2104432 - [dpu-network-operator] Updating images to be consistent with ART
    2104552 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack
    2104561 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r--r--/420/0644; received: ----------/0/0
    2104589 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
    2104701 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes
    2104717 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory address or nil pointer dereference"
    2104727 - Bootstrap node should honor http proxy
    2104906 - Uninstall fails with Observed a panic: runtime.boundsError
    2104951 - Web console doesn't display webhook errors for upgrades
    2104991 - Completed pods may not be correctly cleaned up
    2105101 - NodeIP is used instead of EgressIP if egressPod is recreated within 60 seconds
    2105106 - co/node-tuning: Waiting for 15/72 Profiles to be applied
    2105146 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history
    2105167 - BuildConfig throws error when using a label with a / in it
    2105334 - vmware-vsphere-csi-driver-controller can't use host port error on e2e-vsphere-serial
    2105382 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator
    2105468 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. 
    2105937 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18
    2106051 - Unable to deploy acm-ice using latest SRO 4.11 build
    2106058 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers [4.11.0]
    2106062 - [4.11] Bootimage bump tracker
    2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as "0abc"
    2106163 - Samples ImageStreams vs. registry.redhat.io: unsupported: V2 schema 1 manifest digests are no longer supported for image pulls
    2106313 - bond-cni: backport bond-cni GA items to 4.11
    2106543 - Typo in must-gather release-4.10
    2106594 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI
    2106723 - [4.11] Upgrade from 4.11.0-rc0 -> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device
    2106855 - [4.11.z] externalTrafficPolicy=Local is not working in local gateway mode if ovnkube-node is restarted
    2107493 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing
    2107501 - metallb greenwave tests failure
    2107690 - Driver Container builds fail with "error determining starting point for build: no FROM statement found"
    2108175 - etcd backup seems to not be triggered in 4.10.18-->4.10.20 upgrade
    2108617 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference
    2108686 - rpm-ostreed: start limit hit easily
    2110505 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate
    2110715 - openshift-controller-manager(-operator) namespace should clear run-level annotations
    2111055 - dummy bug for 4.10.z bz2110938

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-19131 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3672 https://access.redhat.com/security/cve/CVE-2021-3695 https://access.redhat.com/security/cve/CVE-2021-3696 https://access.redhat.com/security/cve/CVE-2021-3697 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4156 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-23648 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38593 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44225 https://access.redhat.com/security/cve/CVE-2021-44906 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1215 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-1729 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24903 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/cve/CVE-2022-26945 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-28733 https://access.redhat.com/security/cve/CVE-2022-28734 https://access.redhat.com/security/cve/CVE-2022-28735 https://access.redhat.com/security/cve/CVE-2022-28736 https://access.redhat.com/security/cve/CVE-2022-28737 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/cve/CVE-2022-29810 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30321 https://access.redhat.com/security/cve/CVE-2022-30322 https://access.redhat.com/security/cve/CVE-2022-30323 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYvOfk9zjgjWX9erEAQhJ/w//UlbBGKBBFBAyfEmQf9Zu0yyv6MfZW0Zl iO1qXVIl9UQUFjTY5ejerx7cP8EBWLhKaiiqRRjbjtj+w+ENGB4LLj6TEUrSM5oA YEmhnX3M+GUKF7Px61J7rZfltIOGhYBvJ+qNZL2jvqz1NciVgI4/71cZWnvDbGpa 02w3Dn0JzhTSR9znNs9LKcV/anttJ3NtOYhqMXnN8EpKdtzQkKRazc7xkOTxfxyl jRiER2Z0TzKDE6dMoVijS2Sv5j/JF0LRwetkZl6+oh8ehKh5GRV3lPg3eVkhzDEo /gp0P9GdLMHi6cS6uqcREbod//waSAa7cssgULoycFwjzbDK3L2c+wMuWQIgXJca RYuP6wvrdGwiI1mgUi/226EzcZYeTeoKxnHkp7AsN9l96pJYafj0fnK1p9NM/8g3 jBE/W4K8jdDNVd5l1Z5O0Nyxk6g4P8MKMe10/w/HDXFPSgufiCYIGX4TKqb+ESIR SuYlSMjoGsB4mv1KMDEUJX6d8T05lpEwJT0RYNdZOouuObYMtcHLpRQHH9mkj86W pHdma5aGG/mTMvSMW6l6L05uT41Azm6fVimTv+E5WvViBni2480CVH+9RexKKSyL XcJX1gaLdo+72I/gZrtT+XE5tcJ3Sf5fmfsenQeY4KFum/cwzbM6y7RGn47xlEWB xBWKPzRxz0Q=9r0B -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:

    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

    1. Description:

    PCRE is a Perl-compatible regular expression library.

    Security Fix(es):

    • pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838)

    • pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

    1. Package List:

    Red Hat Enterprise Linux BaseOS (v. 8):

    Source: pcre-8.42-6.el8.src.rpm

    aarch64: pcre-8.42-6.el8.aarch64.rpm pcre-cpp-8.42-6.el8.aarch64.rpm pcre-cpp-debuginfo-8.42-6.el8.aarch64.rpm pcre-debuginfo-8.42-6.el8.aarch64.rpm pcre-debugsource-8.42-6.el8.aarch64.rpm pcre-devel-8.42-6.el8.aarch64.rpm pcre-tools-debuginfo-8.42-6.el8.aarch64.rpm pcre-utf16-8.42-6.el8.aarch64.rpm pcre-utf16-debuginfo-8.42-6.el8.aarch64.rpm pcre-utf32-8.42-6.el8.aarch64.rpm pcre-utf32-debuginfo-8.42-6.el8.aarch64.rpm

    ppc64le: pcre-8.42-6.el8.ppc64le.rpm pcre-cpp-8.42-6.el8.ppc64le.rpm pcre-cpp-debuginfo-8.42-6.el8.ppc64le.rpm pcre-debuginfo-8.42-6.el8.ppc64le.rpm pcre-debugsource-8.42-6.el8.ppc64le.rpm pcre-devel-8.42-6.el8.ppc64le.rpm pcre-tools-debuginfo-8.42-6.el8.ppc64le.rpm pcre-utf16-8.42-6.el8.ppc64le.rpm pcre-utf16-debuginfo-8.42-6.el8.ppc64le.rpm pcre-utf32-8.42-6.el8.ppc64le.rpm pcre-utf32-debuginfo-8.42-6.el8.ppc64le.rpm

    s390x: pcre-8.42-6.el8.s390x.rpm pcre-cpp-8.42-6.el8.s390x.rpm pcre-cpp-debuginfo-8.42-6.el8.s390x.rpm pcre-debuginfo-8.42-6.el8.s390x.rpm pcre-debugsource-8.42-6.el8.s390x.rpm pcre-devel-8.42-6.el8.s390x.rpm pcre-tools-debuginfo-8.42-6.el8.s390x.rpm pcre-utf16-8.42-6.el8.s390x.rpm pcre-utf16-debuginfo-8.42-6.el8.s390x.rpm pcre-utf32-8.42-6.el8.s390x.rpm pcre-utf32-debuginfo-8.42-6.el8.s390x.rpm

    x86_64: pcre-8.42-6.el8.i686.rpm pcre-8.42-6.el8.x86_64.rpm pcre-cpp-8.42-6.el8.i686.rpm pcre-cpp-8.42-6.el8.x86_64.rpm pcre-cpp-debuginfo-8.42-6.el8.i686.rpm pcre-cpp-debuginfo-8.42-6.el8.x86_64.rpm pcre-debuginfo-8.42-6.el8.i686.rpm pcre-debuginfo-8.42-6.el8.x86_64.rpm pcre-debugsource-8.42-6.el8.i686.rpm pcre-debugsource-8.42-6.el8.x86_64.rpm pcre-devel-8.42-6.el8.i686.rpm pcre-devel-8.42-6.el8.x86_64.rpm pcre-tools-debuginfo-8.42-6.el8.i686.rpm pcre-tools-debuginfo-8.42-6.el8.x86_64.rpm pcre-utf16-8.42-6.el8.i686.rpm pcre-utf16-8.42-6.el8.x86_64.rpm pcre-utf16-debuginfo-8.42-6.el8.i686.rpm pcre-utf16-debuginfo-8.42-6.el8.x86_64.rpm pcre-utf32-8.42-6.el8.i686.rpm pcre-utf32-8.42-6.el8.x86_64.rpm pcre-utf32-debuginfo-8.42-6.el8.i686.rpm pcre-utf32-debuginfo-8.42-6.el8.x86_64.rpm

    Red Hat Enterprise Linux CRB (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Summary:

    The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports

    1. Description:

    The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:

    OpenShift Dedicated support

    RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds. Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.

    Bug Fixes The release of RHACS 3.67 includes the following bug fixes:

    1. Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed. Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.

    System changes The release of RHACS 3.67 includes the following system changes:

    1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. The Port exposure method policy criteria now include route as an exposure method. The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation. The OpenShift Compliance Operator integration now supports using TailoredProfiles. The RHACS Jenkins plugin now provides additional security information. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values. The default uid:gid pair for the Scanner image is now 65534:65534. RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes. In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode. You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
    2. You can now use a regular expression for the deployment name while specifying policy exclusions

    3. Solution:

    To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67. Bugs fixed (https://bugzilla.redhat.com/):

    1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API

    1. JIRA issues fixed (https://issues.jboss.org/):

    RHACS-65 - Release RHACS 3.67.0

    1. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.

    Bug Fix(es):

    • Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)

    • Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):

    1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input

    1. Description:

    This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0222",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "steelstore cloud integrated storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "model": "gitlab",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "gitlab",
            "version": "13.1.0"
          },
          {
            "model": "gitlab",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "gitlab",
            "version": "12.10.13"
          },
          {
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "pcre",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "pcre",
            "version": "8.44"
          },
          {
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "communications cloud native core policy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.0"
          },
          {
            "model": "gitlab",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "gitlab",
            "version": "13.1.2"
          },
          {
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "model": "gitlab",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "gitlab",
            "version": "13.0.8"
          },
          {
            "model": "gitlab",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "gitlab",
            "version": "13.0.0"
          },
          {
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0.1"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2020-14155",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-14155",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-167005",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-14155",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-14155",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202006-1036",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-167005",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. PCRE is an open source regular expression library written in C language by Philip Hazel software developer. An input validation error vulnerability exists in libpcre in versions prior to PCRE 8.44. An attacker could exploit this vulnerability to execute arbitrary code or cause an application to crash on the system with a large number of requests. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: OpenShift Container Platform 4.11.0 bug fix and security update\nAdvisory ID:       RHSA-2022:5069-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5069\nIssue date:        2022-08-10\nCVE Names:         CVE-2018-25009 CVE-2018-25010 CVE-2018-25012\n                   CVE-2018-25013 CVE-2018-25014 CVE-2018-25032\n                   CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n                   CVE-2019-17594 CVE-2019-17595 CVE-2019-18218\n                   CVE-2019-19603 CVE-2019-20838 CVE-2020-13435\n                   CVE-2020-14155 CVE-2020-17541 CVE-2020-19131\n                   CVE-2020-24370 CVE-2020-28493 CVE-2020-35492\n                   CVE-2020-36330 CVE-2020-36331 CVE-2020-36332\n                   CVE-2021-3481 CVE-2021-3580 CVE-2021-3634\n                   CVE-2021-3672 CVE-2021-3695 CVE-2021-3696\n                   CVE-2021-3697 CVE-2021-3737 CVE-2021-4115\n                   CVE-2021-4156 CVE-2021-4189 CVE-2021-20095\n                   CVE-2021-20231 CVE-2021-20232 CVE-2021-23177\n                   CVE-2021-23566 CVE-2021-23648 CVE-2021-25219\n                   CVE-2021-31535 CVE-2021-31566 CVE-2021-36084\n                   CVE-2021-36085 CVE-2021-36086 CVE-2021-36087\n                   CVE-2021-38185 CVE-2021-38593 CVE-2021-40528\n                   CVE-2021-41190 CVE-2021-41617 CVE-2021-42771\n                   CVE-2021-43527 CVE-2021-43818 CVE-2021-44225\n                   CVE-2021-44906 CVE-2022-0235 CVE-2022-0778\n                   CVE-2022-1012 CVE-2022-1215 CVE-2022-1271\n                   CVE-2022-1292 CVE-2022-1586 CVE-2022-1621\n                   CVE-2022-1629 CVE-2022-1706 CVE-2022-1729\n                   CVE-2022-2068 CVE-2022-2097 CVE-2022-21698\n                   CVE-2022-22576 CVE-2022-23772 CVE-2022-23773\n                   CVE-2022-23806 CVE-2022-24407 CVE-2022-24675\n                   CVE-2022-24903 CVE-2022-24921 CVE-2022-25313\n                   CVE-2022-25314 CVE-2022-26691 CVE-2022-26945\n                   CVE-2022-27191 CVE-2022-27774 CVE-2022-27776\n                   CVE-2022-27782 CVE-2022-28327 CVE-2022-28733\n                   CVE-2022-28734 CVE-2022-28735 CVE-2022-28736\n                   CVE-2022-28737 CVE-2022-29162 CVE-2022-29810\n                   CVE-2022-29824 CVE-2022-30321 CVE-2022-30322\n                   CVE-2022-30323 CVE-2022-32250\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.11. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.11.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:5068\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n* sanitize-url: XSS (CVE-2021-23648)\n* minimist: prototype pollution (CVE-2021-44906)\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-x86_64\n\nThe image digest is\nsha256:300bce8246cf880e792e106607925de0a404484637627edf5f517375517d54a4\n\n(For aarch64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-aarch64\n\nThe image digest is\nsha256:29fa8419da2afdb64b5475d2b43dad8cc9205e566db3968c5738e7a91cf96dfe\n\n(For s390x architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-s390x\n\nThe image digest is\nsha256:015d6180238b4024d11dfef6751143619a0458eccfb589f2058ceb1a6359dd46\n\n(For ppc64le architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.11.0-ppc64le\n\nThe image digest is\nsha256:5052f8d5597c6656ca9b6bfd3de521504c79917aa80feb915d3c8546241f86ca\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1817075 - MCC \u0026 MCO don\u0027t free leader leases during shut down -\u003e 10 minutes of leader election timeouts\n1822752 - cluster-version operator stops applying manifests when blocked by a precondition check\n1823143 - oc adm release extract --command, --tools doesn\u0027t pull from localregistry when given a localregistry/image\n1858418 - [OCPonRHV] OpenShift installer fails when Blank template is missing in oVirt/RHV\n1859153 - [AWS] An IAM error occurred occasionally during the installation phase: Invalid IAM Instance Profile name\n1896181 - [ovirt] install fails: due to terraform error \"Cannot run VM. VM is being updated\" on vm resource\n1898265 - [OCP 4.5][AWS] Installation failed: error updating LB Target Group\n1902307 - [vSphere] cloud labels management via cloud provider makes nodes not ready\n1905850 - `oc adm policy who-can` failed to check the `operatorcondition/status` resource\n1916279 - [OCPonRHV] Sometimes terraform installation fails on -failed to fetch Cluster(another terraform bug)\n1917898 - [ovirt] install fails: due to terraform error \"Tag not matched: expect \u003cfault\u003e but got \u003chtml\u003e\" on vm resource\n1918005 - [vsphere] If there are multiple port groups with the same name installation fails\n1918417 - IPv6 errors after exiting crictl\n1918690 - Should update the KCM resource-graph timely with the latest configure\n1919980 - oVirt installer fails due to terraform error \"Failed to wait for Templte(...) to become ok\"\n1921182 - InspectFailed: kubelet Failed to inspect image: rpc error: code = DeadlineExceeded desc = context deadline exceeded\n1923536 - Image pullthrough does not pass 429 errors back to capable clients\n1926975 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n1928932 - deploy/route_crd.yaml in openshift/router uses deprecated v1beta1 CRD API\n1932812 - Installer uses the terraform-provider in the Installer\u0027s directory if it exists\n1934304 - MemoryPressure Top Pod Consumers seems to be 2x expected value\n1943937 - CatalogSource incorrect parsing validation\n1944264 - [ovn] CNO should gracefully terminate OVN databases\n1944851 - List of ingress routes not cleaned up when routers no longer exist - take 2\n1945329 - In k8s 1.21 bump conntrack \u0027should drop INVALID conntrack entries\u0027 tests are disabled\n1948556 - Cannot read property \u0027apiGroup\u0027 of undefined error viewing operator CSV\n1949827 - Kubelet bound to incorrect IPs, referring to incorrect NICs in 4.5.x\n1957012 - Deleting the KubeDescheduler CR does not remove the corresponding deployment or configmap\n1957668 - oc login does not show link to console\n1958198 - authentication operator takes too long to pick up a configuration change\n1958512 - No 1.25 shown in REMOVEDINRELEASE for apis audited with k8s.io/removed-release 1.25 and k8s.io/deprecated true\n1961233 - Add CI test coverage for DNS availability during upgrades\n1961844 - baremetal ClusterOperator installed by CVO does not have relatedObjects\n1965468 - [OSP] Delete volume snapshots based on cluster ID in their metadata\n1965934 - can not get new result with \"Refresh off\" if click \"Run queries\" again\n1965969 - [aws] the public hosted zone id is not correct in the destroy log, while destroying a cluster which is using BYO private hosted zone. \n1968253 - GCP CSI driver can provision volume with access mode ROX\n1969794 - [OSP] Document how to use image registry PVC backend with custom availability zones\n1975543 - [OLM] Remove stale cruft installed by CVO in earlier releases\n1976111 - [tracker] multipathd.socket is missing start conditions\n1976782 - Openshift registry starts to segfault after S3 storage configuration\n1977100 - Pod failed to start with message \"set CPU load balancing: readdirent /proc/sys/kernel/sched_domain/cpu66/domain0: no such file or directory\"\n1978303 - KAS pod logs show: [SHOULD NOT HAPPEN] ...failed to convert new object...CertificateSigningRequest) to smd typed: .status.conditions: duplicate entries for key [type=\\\"Approved\\\"]\n1978798 - [Network Operator] Upgrade: The configuration to enable network policy ACL logging is missing on the cluster upgraded from 4.7-\u003e4.8\n1979671 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n1982737 - OLM does not warn on invalid CSV\n1983056 - IP conflict while recreating Pod with fixed name\n1984785 - LSO CSV does not contain disconnected annotation\n1989610 - Unsupported data types should not be rendered on operand details page\n1990125 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n1990384 - 502 error on \"Observe -\u003e Alerting\" UI after disabled local alertmanager\n1992553 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1994117 - Some hardcodes are detected at the code level in orphaned code\n1994820 - machine controller doesn\u0027t send vCPU quota failed messages to cluster install logs\n1995953 - Ingresscontroller change the replicas to scaleup first time will be rolling update for all the ingress pods\n1996544 - AWS region ap-northeast-3 is missing in installer prompt\n1996638 - Helm operator manager container restart when CR is creating\u0026deleting\n1997120 - test_recreate_pod_in_namespace fails - Timed out waiting for namespace\n1997142 - OperatorHub: Filtering the OperatorHub catalog is extremely slow\n1997704 - [osp][octavia lb] given loadBalancerIP is ignored when creating a LoadBalancer type svc\n1999325 - FailedMount MountVolume.SetUp failed for volume \"kube-api-access\" : object \"openshift-kube-scheduler\"/\"kube-root-ca.crt\" not registered\n1999529 - Must gather fails to gather logs for all the namespace if server doesn\u0027t have volumesnapshotclasses resource\n1999891 - must-gather collects backup data even when Pods fails to be created\n2000653 - Add hypershift namespace to exclude namespaces list in descheduler configmap\n2002009 - IPI Baremetal, qemu-convert takes to long to save image into drive on slow/large disks\n2002602 - Storageclass creation page goes blank when \"Enable encryption\" is clicked if there is a syntax error in the configmap\n2002868 - Node exporter not able to scrape OVS metrics\n2005321 - Web Terminal is not opened on Stage of DevSandbox when terminal instance is not created yet\n2005694 - Removing proxy object takes up to 10 minutes for the changes to propagate to the MCO\n2006067 - Objects are not valid as a React child\n2006201 - ovirt-csi-driver-node pods are crashing intermittently\n2007246 - Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment\n2007340 - Accessibility issues on topology - list view\n2007611 - TLS issues with the internal registry and AWS S3 bucket\n2007647 - oc adm release info --changes-from does not show changes in repos that squash-merge\n2008486 - Double scroll bar shows up on dragging the task quick search to the bottom\n2009345 - Overview page does not load from openshift console for some set of users after upgrading to 4.7.19\n2009352 - Add image-registry usage metrics to telemeter\n2009845 - Respect overrides changes during installation\n2010361 - OpenShift Alerting Rules Style-Guide Compliance\n2010364 - OpenShift Alerting Rules Style-Guide Compliance\n2010393 - [sig-arch][Late] clients should not use APIs that are removed in upcoming releases [Suite:openshift/conformance/parallel]\n2011525 - Rate-limit incoming BFD to prevent ovn-controller DoS\n2011895 - Details about cloud errors are missing from PV/PVC errors\n2012111 - LSO still try to find localvolumeset which is already deleted\n2012969 - need to figure out why osupdatedstart to reboot is zero seconds\n2013144 - Developer catalog category links could not be open in a new tab (sharing and open a deep link works fine)\n2013461 - Import deployment from Git with s2i expose always port 8080 (Service and Pod template, not Route) if another Route port is selected by the user\n2013734 - unable to label downloads route in openshift-console namespace\n2013822 - ensure that the `container-tools` content comes from the RHAOS plashets\n2014161 - PipelineRun logs are delayed and stuck on a high log volume\n2014240 - Image registry uses ICSPs only when source exactly matches image\n2014420 - Topology page is crashed\n2014640 - Cannot change storage class of boot disk when cloning from template\n2015023 - Operator objects are re-created even after deleting it\n2015042 - Adding a template from the catalog creates a secret that is not owned by the TemplateInstance\n2015356 - Different status shows on VM list page and details page\n2015375 - PVC creation for ODF/IBM Flashsystem shows incorrect types\n2015459 - [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff\n2015800 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2016425 - Adoption controller generating invalid metadata.Labels for an already adopted Subscription resource\n2016534 - externalIP does not work when egressIP is also present\n2017001 - Topology context menu for Serverless components always open downwards\n2018188 - VRRP ID conflict between keepalived-ipfailover and cluster VIPs\n2018517 - [sig-arch] events should not repeat pathologically expand_less failures -  s390x CI\n2019532 - Logger object in LSO does not log source location accurately\n2019564 - User settings resources (ConfigMap, Role, RB) should be deleted when a user is deleted\n2020483 - Parameter $__auto_interval_period is in Period drop-down list\n2020622 - e2e-aws-upi and e2e-azure-upi jobs are not working\n2021041 - [vsphere] Not found TagCategory when destroying ipi cluster\n2021446 - openshift-ingress-canary is not reporting DEGRADED state, even though the canary route is not available and accessible\n2022253 - Web terminal view is broken\n2022507 - Pods stuck in OutOfpods state after running cluster-density\n2022611 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment\n2022745 - Cluster reader is not able to list NodeNetwork* objects\n2023295 - Must-gather tool gathering data from custom namespaces. \n2023691 - ClusterIP internalTrafficPolicy does not work for ovn-kubernetes\n2024427 - oc completion zsh doesn\u0027t auto complete\n2024708 - The form for creating operational CRs is badly rendering filed names (\"obsoleteCPUs\" -\u003e \"Obsolete CP Us\" )\n2024821 - [Azure-File-CSI] need more clear info when requesting pvc with volumeMode Block\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2025624 - Ingress router metrics endpoint serving old certificates after certificate rotation\n2026356 - [IPI on Azure] The bootstrap machine type should be same as master\n2026461 - Completed pods in Openshift cluster not releasing IP addresses and results in err: range is full unless manually deleted\n2027603 - [UI] Dropdown doesn\u0027t close on it\u0027s own after arbiter zone selection on \u0027Capacity and nodes\u0027 page\n2027613 - Users can\u0027t silence alerts from the dev console\n2028493 - OVN-migration failed - ovnkube-node: error waiting for node readiness: timed out waiting for the condition\n2028532 - noobaa-pg-db-0 pod stuck in Init:0/2\n2028821 - Misspelled label in ODF management UI - MCG performance view\n2029438 - Bootstrap node cannot resolve api-int because NetworkManager replaces resolv.conf\n2029470 - Recover from suddenly appearing old operand revision WAS: kube-scheduler-operator test failure: Node\u0027s not achieving new revision\n2029797 - Uncaught exception: ResizeObserver loop limit exceeded\n2029835 - CSI migration for vSphere: Inline-volume tests failing\n2030034 - prometheusrules.openshift.io: dial tcp: lookup prometheus-operator.openshift-monitoring.svc on 172.30.0.10:53: no such host\n2030530 - VM created via customize wizard has single quotation marks surrounding its password\n2030733 - wrong IP selected to connect to the nodes when ExternalCloudProvider enabled\n2030776 - e2e-operator always uses quay master images during presubmit tests\n2032559 - CNO allows migration to dual-stack in unsupported configurations\n2032717 - Unable to download ignition after coreos-installer install --copy-network\n2032924 - PVs are not being cleaned up after PVC deletion\n2033482 - [vsphere] two variables in tf are undeclared and get warning message during installation\n2033575 - monitoring targets are down after the cluster run for more than 1 day\n2033711 - IBM VPC operator needs e2e csi tests for ibmcloud\n2033862 - MachineSet is not scaling up due to an OpenStack error trying to create multiple ports with the same MAC address\n2034147 - OpenShift VMware IPI Installation fails with Resource customization when corespersocket is unset and vCPU count is not a multiple of 4\n2034296 - Kubelet and Crio fails to start during upgrde to 4.7.37\n2034411 - [Egress Router] No NAT rules for ipv6 source and destination created in ip6tables-save\n2034688 - Allow Prometheus/Thanos to return 401 or 403 when the request isn\u0027t authenticated\n2034958 - [sig-network] Conntrack should be able to preserve UDP traffic when initial unready endpoints get ready\n2035005 - MCD is not always removing in progress taint after a successful update\n2035334 - [RFE] [OCPonRHV] Provision machines with preallocated disks\n2035899 - Operator-sdk run bundle doesn\u0027t support arm64 env\n2036202 - Bump podman to \u003e= 3.3.0 so that  setup of multiple credentials for a single registry which can be distinguished by their path  will work\n2036594 - [MAPO] Machine goes to failed state due to a momentary error of the cluster etcd\n2036948 - SR-IOV Network Device Plugin should handle offloaded VF instead of supporting only PF\n2037190 - dns operator status flaps between True/False/False and True/True/(False|True) after updating dnses.operator.openshift.io/default\n2037447 - Ingress Operator is not closing TCP connections. \n2037513 - I/O metrics from the Kubernetes/Compute Resources/Cluster Dashboard show as no datapoints found\n2037542 - Pipeline Builder footer is not sticky and yaml tab doesn\u0027t use full height\n2037610 - typo for the Terminated message from thanos-querier pod description info\n2037620 - Upgrade playbook should quit directly when trying to upgrade RHEL-7 workers to 4.10\n2037625 - AppliedClusterResourceQuotas can not be shown on project overview\n2037626 - unable to fetch ignition file when scaleup rhel worker nodes on cluster enabled Tang disk encryption\n2037628 - Add test id to kms flows for automation\n2037721 - PodDisruptionBudgetAtLimit alert fired in SNO cluster\n2037762 - Wrong ServiceMonitor definition is causing failure during Prometheus configuration reload and preventing changes from being applied\n2037841 - [RFE] use /dev/ptp_hyperv on Azure/AzureStack\n2038115 - Namespace and application bar is not sticky anymore\n2038244 - Import from git ignore the given servername and could not validate On-Premises GitHub and BitBucket installations\n2038405 - openshift-e2e-aws-workers-rhel-workflow in CI step registry broken\n2038774 - IBM-Cloud OVN IPsec fails, IKE UDP ports and  ESP protocol not in security group\n2039135 - the error message is not clear when using \"opm index prune\" to prune a file-based index image\n2039161 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected\n2039253 - ovnkube-node crashes on duplicate endpoints\n2039256 - Domain validation fails when TLD contains a digit. \n2039277 - Topology list view items are not highlighted on keyboard navigation\n2039462 - Application tab in User Preferences dropdown menus are too wide. \n2039477 - validation icon is missing from Import from git\n2039589 - The toolbox command always ignores [command] the first time\n2039647 - Some developer perspective links are not deep-linked causes developer to sometimes delete/modify resources in the wrong project\n2040180 - Bug when adding a new table panel to a dashboard for OCP UI with only one value column\n2040195 - Ignition fails to enable systemd units with backslash-escaped characters in their names\n2040277 - ThanosRuleNoEvaluationFor10Intervals alert description is wrong\n2040488 - OpenShift-Ansible BYOH Unit Tests are Broken\n2040635 - CPU Utilisation is negative number for \"Kubernetes / Compute Resources / Cluster\" dashboard\n2040654 - \u0027oc adm must-gather -- some_script\u0027 should exit with same non-zero code as the failed \u0027some_script\u0027 exits\n2040779 - Nodeport svc not accessible when the backend pod is on a window node\n2040933 - OCP 4.10 nightly build will fail to install if multiple NICs are defined on KVM nodes\n2041133 - \u0027oc explain route.status.ingress.conditions\u0027 shows type \u0027Currently only Ready\u0027 but actually is \u0027Admitted\u0027\n2041454 - Garbage values accepted for `--reference-policy` in `oc import-image` without any error\n2041616 - Ingress operator tries to manage DNS of additional ingresscontrollers that are not under clusters basedomain, which can\u0027t work\n2041769 - Pipeline Metrics page not showing data for normal user\n2041774 - Failing git detection should not recommend Devfiles as import strategy\n2041814 - The KubeletConfigController wrongly process multiple confs for a pool\n2041940 - Namespace pre-population not happening till a Pod is created\n2042027 - Incorrect feedback for \"oc label pods --all\"\n2042348 - Volume ID is missing in output message when expanding volume which is not mounted. \n2042446 - CSIWithOldVSphereHWVersion alert recurring despite upgrade to vmx-15\n2042501 - use lease for leader election\n2042587 - ocm-operator: Improve reconciliation of CA ConfigMaps\n2042652 - Unable to deploy hw-event-proxy operator\n2042838 - The status of container is not consistent on Container details and pod details page\n2042852 - Topology toolbars are unaligned to other toolbars\n2042999 - A pod cannot reach kubernetes.default.svc.cluster.local cluster IP\n2043035 - Wrong error code provided when request contains invalid argument\n2043068 - \u003cx\u003e available of \u003cy\u003e text disappears in Utilization item if x is 0\n2043080 - openshift-installer intermittent failure on AWS with Error: InvalidVpcID.NotFound: The vpc ID \u0027vpc-123456789\u0027 does not exist\n2043094 - ovnkube-node not deleting stale conntrack entries when endpoints go away\n2043118 - Host should transition through Preparing when HostFirmwareSettings changed\n2043132 - Add a metric when vsphere csi storageclass creation fails\n2043314 - `oc debug node` does not meet compliance requirement\n2043336 - Creating multi SriovNetworkNodePolicy cause the worker always be draining\n2043428 - Address Alibaba CSI driver operator review comments\n2043533 - Update ironic, inspector, and ironic-python-agent to latest bugfix release\n2043672 - [MAPO] root volumes not working\n2044140 - When \u0027oc adm upgrade --to-image ...\u0027 rejects an update as not recommended, it should mention --allow-explicit-upgrade\n2044207 - [KMS] The data in the text box does not get cleared on switching the authentication method\n2044227 - Test Managed cluster should only include cluster daemonsets that have maxUnavailable update of 10 or 33 percent fails\n2044412 - Topology list misses separator lines and hover effect let the list jump 1px\n2044421 - Topology list does not allow selecting an application group anymore\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2044803 - Unify button text style on VM tabs\n2044824 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2045065 - Scheduled pod has nodeName changed\n2045073 - Bump golang and build images for local-storage-operator\n2045087 - Failed to apply sriov policy on intel nics\n2045551 - Remove enabled FeatureGates from TechPreviewNoUpgrade\n2045559 - API_VIP moved when kube-api container on another master node was stopped\n2045577 - [ocp 4.9 | ovn-kubernetes] ovsdb_idl|WARN|transaction error: {\"details\":\"cannot delete Datapath_Binding row 29e48972-xxxx because of 2 remaining reference(s)\",\"error\":\"referential integrity violation\n2045872 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2046133 - [MAPO]IPI proxy installation failed\n2046156 - Network policy: preview of affected pods for non-admin shows empty popup\n2046157 - Still uses pod-security.admission.config.k8s.io/v1alpha1 in admission plugin config\n2046191 - Opeartor pod is missing correct qosClass and priorityClass\n2046277 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the module.vpc.aws_subnet.private_subnet[0] resource\n2046319 - oc debug cronjob command failed with error \"unable to extract pod template from type *v1.CronJob\". \n2046435 - Better Devfile Import Strategy support in the \u0027Import from Git\u0027 flow\n2046496 - Awkward wrapping of project toolbar on mobile\n2046497 - Re-enable TestMetricsEndpoint test case in console operator e2e tests\n2046498 - \"All Projects\" and \"all applications\" use different casing on topology page\n2046591 - Auto-update boot source is not available while create new template from it\n2046594 - \"Requested template could not be found\" while creating VM from user-created template\n2046598 - Auto-update boot source size unit is byte on customize wizard\n2046601 - Cannot create VM from template\n2046618 - Start last run action should contain current user name in the started-by annotation of the PLR\n2046662 - Should upgrade the go version to be 1.17 for example go operator memcached-operator\n2047197 - Sould upgrade the operator_sdk.util version to \"0.4.0\" for the \"osdk_metric\" module\n2047257 - [CP MIGRATION] Node drain failure during control plane node migration\n2047277 - Storage status is missing from status card of virtualization overview\n2047308 - Remove metrics and events for master port offsets\n2047310 - Running VMs per template card needs empty state when no VMs exist\n2047320 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2047335 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047362 - Removing prometheus UI access breaks origin test\n2047445 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2047670 - Installer should pre-check that the hosted zone is not associated with the VPC and throw the error message. \n2047702 - Issue described on bug #2013528 reproduced: mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2047710 - [OVN] ovn-dbchecker CrashLoopBackOff and sbdb jsonrpc unix socket receive error\n2047732 - [IBM]Volume is not deleted after destroy cluster\n2047741 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the module.masters.aws_network_interface.master[1] resource\n2047790 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2047799 - release-openshift-ocp-installer-e2e-aws-upi-4.9\n2047870 - Prevent redundant queries of BIOS settings in HostFirmwareController\n2047895 - Fix architecture naming in oc adm release mirror for aarch64\n2047911 - e2e: Mock CSI tests fail on IBM ROKS clusters\n2047913 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2047925 - [FJ OCP4.10 Bug]: IRONIC_KERNEL_PARAMS does not contain coreos_kernel_params during iPXE boot\n2047935 - [4.11] Bootimage bump tracker\n2047998 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048059 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2048067 - [IPI on Alibabacloud] \"Platform Provisioning Check\" tells \u0027\"ap-southeast-6\": enhanced NAT gateway is not supported\u0027, which seems false\n2048186 - Image registry operator panics when finalizes config deletion\n2048214 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2048219 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2048221 - Capitalization of titles in the VM details page is inconsistent. \n2048222 - [AWS GovCloud] Cluster can not be installed on AWS GovCloud regions via terminal interactive UI. \n2048276 - Cypress E2E tests fail due to a typo in test-cypress.sh\n2048333 - prometheus-adapter becomes inaccessible during rollout\n2048352 - [OVN] node does not recover after NetworkManager restart, NotReady and unreachable\n2048442 - [KMS] UI does not have option to specify kube auth path and namespace for cluster wide encryption\n2048451 - Custom serviceEndpoints in install-config are reported to be unreachable when environment uses a proxy\n2048538 - Network policies are not implemented or updated by OVN-Kubernetes\n2048541 - incorrect rbac check for install operator quick starts\n2048563 - Leader election conventions for cluster topology\n2048575 - IP reconciler cron job failing on single node\n2048686 - Check MAC address provided on the install-config.yaml file\n2048687 - All bare metal jobs are failing now due to End of Life of centos 8\n2048793 - Many Conformance tests are failing in OCP 4.10 with Kuryr\n2048803 - CRI-O seccomp profile out of date\n2048824 - [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2048841 - [ovn] Missing lr-policy-list and snat rules for egressip when new pods are added\n2048955 - Alibaba Disk CSI Driver does not have CI\n2049073 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2049078 - Bond CNI: Failed to  attach Bond NAD to pod\n2049108 - openshift-installer intermittent failure on AWS with \u0027Error: Error waiting for NAT Gateway (nat-xxxxx) to become available\u0027\n2049117 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2049133 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2049142 - Missing \"app\" label\n2049169 - oVirt CSI driver should use the trusted CA bundle when cluster proxy is configured\n2049234 - ImagePull fails with error  \"unable to pull manifest from example.com/busy.box:v5  invalid reference format\"\n2049410 - external-dns-operator creates provider section, even when not requested\n2049483 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2049613 - MTU migration on SDN IPv4 causes API alerts\n2049671 - system:serviceaccount:openshift-cluster-csi-drivers:aws-ebs-csi-driver-operator trying to GET and DELETE /api/v1/namespaces/openshift-cluster-csi-drivers/configmaps/kube-cloud-config which does not exist\n2049687 - superfluous apirequestcount entries in audit log\n2049775 - cloud-provider-config change not applied when ExternalCloudProvider enabled\n2049787 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2049832 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2049872 - cluster storage operator AWS credentialsrequest lacks KMS privileges\n2049889 - oc new-app --search nodejs warns about access to sample content on quay.io\n2050005 - Plugin module IDs can clash with console module IDs causing runtime errors\n2050011 - Observe \u003e Metrics page: Timespan text input and dropdown do not align\n2050120 - Missing metrics in kube-state-metrics\n2050146 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050173 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050180 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050300 - panic in cluster-storage-operator while updating status\n2050332 - Malformed ClusterClaim lifetimes cause the clusterclaims-controller to silently fail to reconcile all clusterclaims\n2050335 - azure-disk failed to mount with error special device does not exist\n2050345 - alert data for burn budget needs to be updated to prevent regression\n2050407 - revert \"force cert rotation every couple days for development\" in 4.11\n2050409 - ip-reconcile job is failing consistently\n2050452 - Update osType and hardware version used by RHCOS OVA to indicate it is a RHEL 8 guest\n2050466 - machine config update with invalid container runtime config should be more robust\n2050637 - Blog Link not re-directing to the intented website in the last modal in the Dev Console Onboarding Tour\n2050698 - After upgrading the cluster the console still show 0 of N, 0% progress for worker nodes\n2050707 - up test for prometheus pod look to far in the past\n2050767 - Vsphere upi tries to access vsphere during manifests generation phase\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2050882 - Crio appears to be coredumping in some scenarios\n2050902 - not all resources created during import have common labels\n2050946 - Cluster-version operator fails to notice TechPreviewNoUpgrade featureSet change after initialization-lookup error\n2051320 - Need to build ose-aws-efs-csi-driver-operator-bundle-container image for 4.11\n2051333 - [aws] records in public hosted zone and BYO private hosted zone were not deleted. \n2051377 - Unable to switch vfio-pci to netdevice in policy\n2051378 - Template wizard is crashed when there are no templates existing\n2051423 - migrate loadbalancers from amphora to ovn not working\n2051457 - [RFE] PDB for cloud-controller-manager to avoid going too many replicas down\n2051470 - prometheus: Add validations for relabel configs\n2051558 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2051578 - Sort is broken for the Status and Version columns on the Cluster Settings \u003e ClusterOperators page\n2051583 - sriov must-gather image doesn\u0027t work\n2051593 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2051611 - Remove Check which enforces summary_interval must match logSyncInterval\n2051642 - Remove \"Tech-Preview\" Label for the Web Terminal GA release\n2051657 - Remove \u0027Tech preview\u0027 from minnimal deployment Storage System creation\n2051718 - MetaLLB: Validation Webhook: BGPPeer hold time is allowed to be set to less than 3s\n2051722 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2051881 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2051954 - Allow changing of policyAuditConfig ratelimit post-deployment\n2051969 - Need to build local-storage-operator-metadata-container image for 4.11\n2051985 - An APIRequestCount without dots in the name can cause a panic\n2052016 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052034 - Can\u0027t start correct debug pod using pod definition yaml in OCP 4.8\n2052055 - Whereabouts should implement client-go 1.22+\n2052056 - Static pod installer should throttle creating new revisions\n2052071 - local storage operator metrics target down after upgrade\n2052095 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052270 - FSyncControllerDegraded has \"treshold\" -\u003e \"threshold\" typos\n2052309 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052332 - Probe failures and pod restarts during 4.7 to 4.8 upgrade\n2052393 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052398 - 4.9 to 4.10 upgrade fails for ovnkube-masters\n2052415 - Pod density test causing problems when using kube-burner\n2052513 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052578 - Create new app from a private git repository using \u0027oc new app\u0027 with basic auth does not work. \n2052595 - Remove dev preview badge from IBM FlashSystem deployment windows\n2052618 - Node reboot causes duplicate persistent volumes\n2052671 - Add Sprint 214 translations\n2052674 - Remove extra spaces\n2052700 - kube-controller-manger should use configmap lease\n2052701 - kube-scheduler should use configmap lease\n2052814 - go fmt fails in OSM after migration to go 1.17\n2052840 - IMAGE_BUILDER=docker make test-e2e-operator-ocp runs with podman instead of docker\n2052953 - Observe dashboard always opens for last viewed workload instead of the selected one\n2052956 - Installing virtualization operator duplicates the first action on workloads in topology\n2052975 - High cpu load on Juniper Qfx5120 Network switches after upgrade to Openshift 4.8.26\n2052986 - Console crashes when Mid cycle hook in Recreate strategy(edit deployment/deploymentConfig) selects Lifecycle strategy as \"Tags the current image as an image stream tag if the deployment succeeds\"\n2053006 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2053104 - [vSphere CSI driver Operator] hw_version_total metric update wrong value after upgrade nodes hardware version from `vmx-13` to  `vmx-15`\n2053112 - nncp status is unknown when nnce is Progressing\n2053118 - nncp Available condition reason should be exposed in `oc get`\n2053168 - Ensure the core dynamic plugin SDK package has correct types and code\n2053205 - ci-openshift-cluster-network-operator-master-e2e-agnostic-upgrade is failing most of the time\n2053304 - Debug terminal no longer works in admin console\n2053312 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053334 - rhel worker scaleup playbook failed because missing some dependency of podman\n2053343 - Cluster Autoscaler not scaling down nodes which seem to qualify for scale-down\n2053491 - nmstate interprets interface names as float64 and subsequently crashes on state update\n2053501 - Git import detection does not happen for private repositories\n2053582 - inability to detect static lifecycle failure\n2053596 - [IBM Cloud] Storage IOPS limitations and lack of IPI ETCD deployment options trigger leader election during cluster initialization\n2053609 - LoadBalancer SCTP service leaves stale conntrack entry that causes issues if service is recreated\n2053622 - PDB warning alert when CR replica count is set to zero\n2053685 - Topology performance: Immutable .toJSON consumes a lot of CPU time when rendering a large topology graph (~100 nodes)\n2053721 - When using RootDeviceHint rotational setting the host can fail to provision\n2053922 - [OCP 4.8][OVN] pod interface: error while waiting on OVS.Interface.external-ids\n2054095 - [release-4.11] Gather images.conifg.openshift.io cluster resource definiition\n2054197 - The ProjectHelmChartRepositrory schema has merged but has not been initialized in the cluster yet\n2054200 - Custom created services in openshift-ingress removed even though the services are not of type LoadBalancer\n2054238 - console-master-e2e-gcp-console is broken\n2054254 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2054285 - Services other than knative service also shows as KSVC in add subscription/trigger modal\n2054319 - must-gather | gather_metallb_logs can\u0027t detect metallb pod\n2054351 - Rrestart of ptp4l/phc2sys  on change of PTPConfig  generates more than one times, socket error in event frame work\n2054385 - redhat-operatori ndex image build failed with AMQ brew build - amq-interconnect-operator-metadata-container-1.10.13\n2054564 - DPU network operator 4.10 branch need to sync with master\n2054630 - cancel create silence from kebab menu of alerts page will navigated to the previous page\n2054693 - Error deploying HorizontalPodAutoscaler with oc new-app command in OpenShift 4\n2054701 - [MAPO] Events are not created for MAPO machines\n2054705 - [tracker] nf_reinject calls nf_queue_entry_free on an already freed entry-\u003estate\n2054735 - Bad link in CNV console\n2054770 - IPI baremetal deployment metal3 pod crashes when using capital letters in hosts bootMACAddress\n2054787 - SRO controller goes to CrashLoopBackOff status when the pull-secret does not have the correct permissions\n2054950 - A large number is showing on disk size field\n2055305 - Thanos Querier high CPU and memory usage till OOM\n2055386 - MetalLB changes the shared external IP of a service upon updating the externalTrafficPolicy definition\n2055433 - Unable to create br-ex as gateway is not found\n2055470 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2055492 - The default YAML on vm wizard is not latest\n2055601 - installer did not destroy *.app dns recored in a IPI on ASH install\n2055702 - Enable Serverless tests in CI\n2055723 - CCM operator doesn\u0027t deploy resources after enabling TechPreviewNoUpgrade feature set. \n2055729 - NodePerfCheck fires and stays active on momentary high latency\n2055814 - Custom dynamic exntension point causes runtime and compile time error\n2055861 - cronjob collect-profiles failed leads node reach to OutOfpods status\n2055980 - [dynamic SDK][internal] console plugin SDK does not support table actions\n2056454 - Implement preallocated disks for oVirt in the cluster API provider\n2056460 - Implement preallocated disks for oVirt in the OCP installer\n2056496 - If image does not exists for builder image then upload jar form crashes\n2056519 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies\n2056607 - Running kubernetes-nmstate handler e2e tests stuck on OVN clusters\n2056752 - Better to named the oc-mirror version info with more information like the `oc version --client`\n2056802 - \"enforcedLabelLimit|enforcedLabelNameLengthLimit|enforcedLabelValueLengthLimit\" do not take effect\n2056841 - [UI] [DR] Web console update is available pop-up is seen multiple times on Hub cluster where ODF operator is not installed and unnecessarily it pop-up on the Managed cluster as well where ODF operator is installed\n2056893 - incorrect warning for --to-image in oc adm upgrade help\n2056967 - MetalLB: speaker metrics is not updated when deleting a service\n2057025 - Resource requests for the init-config-reloader container of prometheus-k8s-* pods are too high\n2057054 - SDK: k8s methods resolves into Response instead of the Resource\n2057079 - [cluster-csi-snapshot-controller-operator] CI failure: events should not repeat pathologically\n2057101 - oc commands working with images print an incorrect and inappropriate warning\n2057160 - configure-ovs selects wrong interface on reboot\n2057183 - OperatorHub: Missing \"valid subscriptions\" filter\n2057251 - response code for Pod count graph changed from 422 to 200 periodically for about 30 minutes if pod is rescheduled\n2057358 - [Secondary Scheduler] - cannot build bundle index image using the secondary scheduler operator bundle\n2057387 - [Secondary Scheduler] - olm.skiprange, com.redhat.openshift.versions is incorrect and no minkubeversion\n2057403 - CMO logs show forbidden: User \"system:serviceaccount:openshift-monitoring:cluster-monitoring-operator\" cannot get resource \"replicasets\" in API group \"apps\" in the namespace \"openshift-monitoring\"\n2057495 - Alibaba Disk CSI driver does not provision small PVCs\n2057558 - Marketplace operator polls too frequently for cluster operator status changes\n2057633 - oc rsync reports misleading error when container is not found\n2057642 - ClusterOperator status.conditions[].reason \"etcd disk metrics exceeded...\" should be a CamelCase slug\n2057644 - FSyncControllerDegraded latches True, even after fsync latency recovers on all members\n2057696 - Removing console still blocks OCP install from completing\n2057762 - ingress operator should report Upgradeable False to remind user before upgrade to 4.10 when Non-SAN certs are used\n2057832 - expr for record rule: \"cluster:telemetry_selected_series:count\" is improper\n2057967 - KubeJobCompletion does not account for possible job states\n2057990 - Add extra debug information to image signature workflow test\n2057994 - SRIOV-CNI failed to load netconf: LoadConf(): failed to get VF information\n2058030 - On OCP 4.10+ using OVNK8s on BM IPI, nodes register as localhost.localdomain\n2058217 - [vsphere-problem-detector-operator] \u0027vsphere_rwx_volumes_total\u0027 metric name make confused\n2058225 - openshift_csi_share_* metrics are not found from telemeter server\n2058282 - Websockets stop updating during cluster upgrades\n2058291 - CI builds should have correct version of Kube without needing to push tags everytime\n2058368 - Openshift OVN-K got restarted mutilple times with the error  \" ovsdb-server/memory-trim-on-compaction on\u0027\u0027 failed: exit status 1   and \" ovndbchecker.go:118] unable to turn on memory       trimming for SB DB, stderr \"  , cluster  unavailable\n2058370 - e2e-aws-driver-toolkit CI job is failing\n2058421 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2058424 - ConsolePlugin proxy always passes Authorization header even if `authorize` property is omitted or false\n2058623 - Bootstrap server dropdown menu in Create Event Source- KafkaSource form is empty even if it\u0027s created\n2058626 - Multiple Azure upstream kube fsgroupchangepolicy tests are permafailing expecting gid \"1000\" but geting \"root\"\n2058671 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage \u0026 proper backoff\n2058692 - [Secondary Scheduler] Creating secondaryscheduler instance fails with error \"key failed with : secondaryschedulers.operator.openshift.io \"secondary-scheduler\" not found\"\n2059187 - [Secondary Scheduler] -  key failed with : serviceaccounts \"secondary-scheduler\" is forbidden\n2059212 - [tracker] Backport https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa\n2059213 - ART cannot build installer images due to missing terraform binaries for some architectures\n2059338 - A fully upgraded 4.10 cluster defaults to HW-13 hardware version even if HW-15 is default (and supported)\n2059490 - The operator image in CSV file of the ART DPU network operator bundle is incorrect\n2059567 - vMedia based IPI installation of OpenShift fails on Nokia servers due to issues with virtual media attachment and boot source override\n2059586 - (release-4.11) Insights operator doesn\u0027t reconcile clusteroperator status condition messages\n2059654 - Dynamic demo plugin proxy example out of date\n2059674 - Demo plugin fails to build\n2059716 - cloud-controller-manager flaps operator version during 4.9 -\u003e 4.10 update\n2059791 - [vSphere CSI driver Operator] didn\u0027t update \u0027vsphere_csi_driver_error\u0027 metric value when fixed the error manually\n2059840 - [LSO]Could not gather logs for pod diskmaker-discovery and diskmaker-manager\n2059943 - MetalLB: Move CI config files to metallb repo from dev-scripts repo\n2060037 - Configure logging level of FRR containers\n2060083 - CMO doesn\u0027t react to changes in clusteroperator console\n2060091 - CMO produces invalid alertmanager statefulset if console cluster .status.consoleURL is unset\n2060133 - [OVN RHEL upgrade] could not find IP addresses: failed to lookup link br-ex: Link not found\n2060147 - RHEL8 Workers Need to Ensure libseccomp is up to date at install time\n2060159 - LGW: External-\u003eService of type ETP=Cluster doesn\u0027t go to the node\n2060329 - Detect unsupported amount of workloads before rendering a lazy or crashing topology\n2060334 - Azure VNET lookup fails when the NIC subnet is in a different resource group\n2060361 - Unable to enumerate NICs due to missing the \u0027primary\u0027 field due to security restrictions\n2060406 - Test \u0027operators should not create watch channels very often\u0027 fails\n2060492 - Update PtpConfigSlave source-crs to use network_transport L2 instead of UDPv4\n2060509 - Incorrect installation of ibmcloud vpc csi driver in IBM Cloud ROKS 4.10\n2060532 - LSO e2e tests are run against default image and namespace\n2060534 - openshift-apiserver pod in crashloop due to unable to reach kubernetes svc ip\n2060549 - ErrorAddingLogicalPort: duplicate IP found in ECMP Pod route cache!\n2060553 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n2060583 - Remove Console internal-kubevirt plugin SDK package\n2060605 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060617 - IBMCloud destroy DNS regex not strict enough\n2060687 - Azure Ci:  SubscriptionDoesNotSupportZone  - does not support availability zones at location \u0027westus\u0027\n2060697 - [AWS] partitionNumber cannot work for specifying Partition number\n2060714 - [DOCS] Change source_labels to sourceLabels in \"Configuring remote write storage\" section\n2060837 - [oc-mirror] Catalog merging error when two or more bundles does not have a set Replace field\n2060894 - Preceding/Trailing Whitespaces In Form Elements on the add page\n2060924 - Console white-screens while using debug terminal\n2060968 - Installation failing due to ironic-agent.service not starting properly\n2060970 - Bump recommended FCOS to 35.20220213.3.0\n2061002 - Conntrack entry is not removed for LoadBalancer IP\n2061301 - Traffic Splitting Dialog is Confusing With Only One Revision\n2061303 - Cachito request failure with vendor directory is out of sync with go.mod/go.sum\n2061304 - workload info gatherer - don\u0027t serialize empty images map\n2061333 - White screen for Pipeline builder page\n2061447 - [GSS] local pv\u0027s are in terminating state\n2061496 - etcd RecentBackup=Unknown ControllerStarted contains no message string\n2061527 - [IBMCloud] infrastructure asset missing CloudProviderType\n2061544 - AzureStack is hard-coded to use Standard_LRS for the disk type\n2061549 - AzureStack install with internal publishing does not create api DNS record\n2061611 - [upstream] The marker of KubeBuilder doesn\u0027t work if it is close to the code\n2061732 - Cinder CSI crashes when API is not available\n2061755 - Missing breadcrumb on the resource creation page\n2061833 - A single worker can be assigned to multiple baremetal hosts\n2061891 - [IPI on IBMCLOUD]  missing ?br-sao? region in openshift installer\n2061916 - mixed ingress and egress policies can result in half-isolated pods\n2061918 - Topology Sidepanel style is broken\n2061919 - Egress Ip entry stays on node\u0027s primary NIC post deletion from hostsubnet\n2062007 - MCC bootstrap command lacks template flag\n2062126 - IPfailover pod is crashing during creation showing keepalived_script doesn\u0027t exist\n2062151 - Add RBAC for \u0027infrastructures\u0027 to operator bundle\n2062355 - kubernetes-nmstate resources and logs not included in must-gathers\n2062459 - Ingress pods scheduled on the same node\n2062524 - [Kamelet Sink] Topology crashes on click of Event sink node if the resource is created source to Uri over ref\n2062558 - Egress IP with openshift sdn in not functional on worker node. \n2062568 - CVO does not trigger new upgrade again after fail to update to unavailable payload\n2062645 - configure-ovs: don\u0027t restart networking if not necessary\n2062713 - Special Resource Operator(SRO) - No sro_used_nodes metric\n2062849 - hw event proxy is not binding on ipv6 local address\n2062920 - Project selector is too tall with only a few projects\n2062998 - AWS GovCloud regions are recognized as the unknown regions\n2063047 - Configuring a full-path query log file in CMO breaks Prometheus with the latest version of the operator\n2063115 - ose-aws-efs-csi-driver has invalid dependency in go.mod\n2063164 - metal-ipi-ovn-ipv6 Job Permafailing and Blocking OpenShift 4.11 Payloads: insights operator is not available\n2063183 - DefragDialTimeout is set to low for large scale OpenShift Container Platform - Cluster\n2063194 - cluster-autoscaler-default will fail when automated etcd defrag is running on large scale OpenShift Container Platform 4 - Cluster\n2063321 - [OVN]After reboot egress node,  lr-policy-list was not correct, some duplicate records or missed internal IPs\n2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments\n2063375 - ptp operator upgrade from 4.9 to 4.10 stuck at pending due to service account requirements not met\n2063414 - on OKD 4.10, when image-registry is enabled, the /etc/hosts entry is missing on some nodes\n2063699 - Builds - Builds - Logs: i18n misses. \n2063708 - Builds - Builds - Logs: translation correction needed. \n2063720 - Metallb EBGP neighbor stuck in active until adding ebgp-multihop (directly connected neighbors)\n2063732 - Workloads - StatefulSets : I18n misses\n2063747 - When building a bundle, the push command fails because is passes a redundant \"IMG=\" on the the CLI\n2063753 - User Preferences - Language - Language selection : Page refresh rquired to change the UI into selected Language. \n2063756 - User Preferences - Applications - Insecure traffic : i18n misses\n2063795 - Remove go-ovirt-client go.mod replace directive\n2063829 - During an IPI install with the 4.10.4 installer on vSphere, getting \"Check\": platform.vsphere.network: Invalid value: \"VLAN_3912\": unable to find network provided\"\n2063831 - etcd quorum pods landing on same node\n2063897 - Community tasks not shown in pipeline builder page\n2063905 - PrometheusOperatorWatchErrors alert may fire shortly in case of transient errors from the API server\n2063938 - sing the hard coded rest-mapper in library-go\n2063955 - cannot download operator catalogs due to missing images\n2063957 - User Management - Users : While Impersonating user, UI is not switching into user\u0027s set language\n2064024 - SNO OCP upgrade with DU workload stuck at waiting for kube-apiserver static pod\n2064170 - [Azure] Missing punctuation in the  installconfig.controlPlane.platform.azure.osDisk explain\n2064239 - Virtualization Overview page turns into blank page\n2064256 - The Knative traffic distribution doesn\u0027t update percentage in sidebar\n2064553 - UI should prefer to use the virtio-win configmap than v2v-vmware configmap for windows creation\n2064596 - Fix the hubUrl docs link in pipeline quicksearch modal\n2064607 - Pipeline builder makes too many (100+) API calls upfront\n2064613 - [OCPonRHV]- after few days that cluster is alive we got error in storage operator\n2064693 - [IPI][OSP] Openshift-install fails to find the shiftstack cloud defined in clouds.yaml in the current directory\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064705 - the alertmanagerconfig validation catches the wrong value for invalid field\n2064744 - Errors trying to use the Debug Container feature\n2064984 - Update error message for label limits\n2065076 - Access monitoring Routes based on monitoring-shared-config creates wrong URL\n2065160 - Possible leak of load balancer targets on AWS Machine API Provider\n2065224 - Configuration for cloudFront in image-registry operator configuration is ignored \u0026 duration is corrupted\n2065290 - CVE-2021-23648 sanitize-url: XSS\n2065338 - VolumeSnapshot creation date sorting is broken\n2065507 - `oc adm upgrade` should return ReleaseAccepted condition to show upgrade status. \n2065510 - [AWS] failed to create cluster on ap-southeast-3\n2065513 - Dev Perspective -\u003e Project Dashboard shows Resource Quotas which are a bit misleading, and too many decimal places\n2065547 - (release-4.11) Gather kube-controller-manager pod logs with garbage collector errors\n2065552 - [AWS] Failed to install cluster on AWS ap-southeast-3 region due to image-registry panic error\n2065577 - user with user-workload-monitoring-config-edit role can not create user-workload-monitoring-config configmap\n2065597 - Cinder CSI is not configurable\n2065682 - Remote write relabel config adds label __tmp_openshift_cluster_id__ to all metrics\n2065689 - Internal Image registry with GCS backend does not redirect client\n2065749 - Kubelet slowly leaking memory and pods eventually unable to start\n2065785 - ip-reconciler job does not complete, halts node drain\n2065804 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204\n2065806 - stop considering Mint mode as supported on Azure\n2065840 - the cronjob object is created  with a  wrong api version batch/v1beta1 when created  via the openshift console\n2065893 - [4.11] Bootimage bump tracker\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2066232 - e2e-aws-workers-rhel8 is failing on ansible check\n2066418 - [4.11] Update channels information link is taking to a 404 error page\n2066444 - The \"ingress\" clusteroperator\u0027s relatedObjects field has kind names instead of resource names\n2066457 - Prometheus CI failure: 503 Service Unavailable\n2066463 - [IBMCloud] failed to list DNS zones: Exactly one of ApiKey or RefreshToken must be specified\n2066605 - coredns template block matches cluster API to loose\n2066615 - Downstream OSDK still use upstream image for Hybird type operator\n2066619 - The GitCommit of the `oc-mirror version` is not correct\n2066665 - [ibm-vpc-block] Unable to change default storage class\n2066700 - [node-tuning-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2066754 - Cypress reports for core tests are not captured\n2066782 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2066865 - Flaky test: In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (delayed binding)] topology should provision a volume and schedule a pod with AllowedTopologies\n2066886 - openshift-apiserver pods never going NotReady\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066923 - No rule to make target \u0027docker-push\u0027 when building the SRO bundle\n2066945 - SRO appends \"arm64\" instead of \"aarch64\" to the kernel name and it doesn\u0027t match the DTK\n2067004 - CMO contains grafana image though grafana is removed\n2067005 - Prometheus rule contains grafana though grafana is removed\n2067062 - should update prometheus-operator resources version\n2067064 - RoleBinding in Developer Console is dropping all subjects when editing\n2067155 - Incorrect operator display name shown in pipelines quickstart in devconsole\n2067180 - Missing i18n translations\n2067298 - Console 4.10 operand form refresh\n2067312 - PPT event source is lost when received by the consumer\n2067384 - OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25\n2067456 - OCP 4.11 should be firing APIRemovedInNextEUSReleaseInUse and APIRemovedInNextReleaseInUse for APIs removed in 1.25\n2067995 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling\n2068115 - resource tab extension fails to show up\n2068148 - [4.11] /etc/redhat-release symlink is broken\n2068180 - OCP UPI on AWS with STS enabled is breaking the Ingress operator\n2068181 - Event source powered with kamelet type source doesn\u0027t show associated deployment in resources tab\n2068490 - OLM descriptors integration test failing\n2068538 - Crashloop back-off popover visual spacing defects\n2068601 - Potential etcd inconsistent revision and data occurs\n2068613 - ClusterRoleUpdated/ClusterRoleBindingUpdated Spamming Event Logs\n2068908 - Manual blog link change needed\n2069068 - reconciling Prometheus Operator Deployment failed while upgrading from 4.7.46 to 4.8.35\n2069075 - [Alibaba 4.11.0-0.nightly] cluster storage component in Progressing state\n2069181 - Disabling community tasks is not working\n2069198 - Flaky CI test in e2e/pipeline-ci\n2069307 - oc mirror hangs when processing the Red Hat 4.10 catalog\n2069312 - extend rest mappings with \u0027job\u0027 definition\n2069457 - Ingress operator has superfluous finalizer deletion logic for LoadBalancer-type services\n2069577 - ConsolePlugin example proxy authorize is wrong\n2069612 - Special Resource Operator (SRO) - Crash when nodeSelector does not match any nodes\n2069632 - Not able to download previous container logs from console\n2069643 - ConfigMaps leftovers while uninstalling SpecialResource with configmap\n2069654 - Creating VMs with YAML on Openshift Virtualization UI is missing labels `flavor`, `os` and `workload`\n2069685 - UI crashes on load if a pinned resource model does not exist\n2069705 - prometheus target \"serviceMonitor/openshift-metallb-system/monitor-metallb-controller/0\" has a failure with \"server returned HTTP status 502 Bad Gateway\"\n2069740 - On-prem loadbalancer ports conflict with kube node port range\n2069760 - In developer perspective divider does not show up in navigation\n2069904 - Sync upstream 1.18.1 downstream\n2069914 - Application Launcher groupings are not case-sensitive\n2069997 - [4.11] should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2070000 - Add warning alerts for installing standalone k8s-nmstate\n2070020 - InContext doesn\u0027t work for Event Sources\n2070047 - Kuryr: Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured\n2070160 - Copy-to-clipboard and \u003cpre\u003e elements cause display issues for ACM dynamic plugins\n2070172 - SRO uses the chart\u0027s name as Helm release, not the SpecialResource\u0027s\n2070181 - [MAPO] serverGroupName ignored\n2070457 - Image vulnerability Popover overflows from the visible area\n2070674 - [GCP] Routes get timed out and nonresponsive after creating 2K service routes\n2070703 - some ipv6 network policy tests consistently failing\n2070720 - [UI] Filter reset doesn\u0027t work on Pods/Secrets/etc pages and complete list disappears\n2070731 - details switch label is not clickable on add page\n2070791 - [GCP]Image registry are crash on cluster with GCP workload identity enabled\n2070792 - service \"openshift-marketplace/marketplace-operator-metrics\" is not annotated with capability\n2070805 - ClusterVersion: could not download the update\n2070854 - cv.status.capabilities.enabledCapabilities doesn?t show the day-2 enabled caps when there are errors on resources update\n2070887 - Cv condition ImplicitlyEnabledCapabilities doesn?t complain about the disabled capabilities which is previously enabled\n2070888 - Cannot bind driver vfio-pci when apply sriovnodenetworkpolicy with type vfio-pci\n2070929 - OVN-Kubernetes: EgressIP breaks access from a pod with EgressIP to other host networked pods on different nodes\n2071019 - rebase vsphere csi driver 2.5\n2071021 - vsphere driver has snapshot support missing\n2071033 - conditionally relabel volumes given annotation not working - SELinux context match is wrong\n2071139 - Ingress pods scheduled on the same node\n2071364 - All image building tests are broken with \"            error: build error: attempting to convert BUILD_LOGLEVEL env var value \"\" to integer: strconv.Atoi: parsing \"\": invalid syntax\n2071578 - Monitoring navigation should not be shown if monitoring is not available (CRC)\n2071599 - RoleBidings are not getting updated for ClusterRole in OpenShift Web Console\n2071614 - Updating EgressNetworkPolicy rejecting with error UnsupportedMediaType\n2071617 - remove Kubevirt extensions in favour of dynamic plugin\n2071650 - ovn-k ovn_db_cluster metrics are not exposed for SNO\n2071691 - OCP Console global PatternFly overrides adds padding to breadcrumbs\n2071700 - v1 events show \"Generated from\" message without the source/reporting component\n2071715 - Shows 404 on Environment nav in Developer console\n2071719 - OCP Console global PatternFly overrides link button whitespace\n2071747 - Link to documentation from the overview page goes to a missing link\n2071761 - Translation Keys Are Not Namespaced\n2071799 - Multus CNI should exit cleanly on CNI DEL when the API server is unavailable\n2071859 - ovn-kube pods spec.dnsPolicy should be Default\n2071914 - cloud-network-config-controller 4.10.5:  Error building cloud provider client, err: %vfailed to initialize Azure environment: autorest/azure: There is no cloud environment matching the name \"\"\n2071998 - Cluster-version operator should share details of signature verification when it fails in \u0027Force: true\u0027 updates\n2072106 - cluster-ingress-operator tests do not build on go 1.18\n2072134 - Routes are not accessible within cluster from hostnet pods\n2072139 - vsphere driver has permissions to create/update PV objects\n2072154 - Secondary Scheduler operator panics\n2072171 - Test \"[sig-network][Feature:EgressFirewall] EgressFirewall should have no impact outside its namespace [Suite:openshift/conformance/parallel]\" fails\n2072195 - machine api doesn\u0027t issue client cert when AWS DNS suffix missing\n2072215 - Whereabouts ip-reconciler should be opt-in and not required\n2072389 - CVO exits upgrade immediately rather than waiting for etcd backup\n2072439 - openshift-cloud-network-config-controller reports wrong range of IP addresses for Azure worker nodes\n2072455 - make bundle overwrites supported-nic-ids_v1_configmap.yaml\n2072570 - The namespace titles for operator-install-single-namespace test keep changing\n2072710 - Perfscale - pods time out waiting for OVS port binding (ovn-installed)\n2072766 - Cluster Network Operator stuck in CrashLoopBackOff when scheduled to same master\n2072780 - OVN kube-master does not clear NetworkUnavailableCondition on GCP BYOH Windows node\n2072793 - Drop \"Used Filesystem\" from \"Virtualization -\u003e Overview\"\n2072805 - Observe \u003e Dashboards: $__range variables cause PromQL query errors\n2072807 - Observe \u003e Dashboards: Missing `panel.styles` attribute for table panels causes JS error\n2072842 - (release-4.11) Gather namespace names with overlapping UID ranges\n2072883 - sometimes monitoring dashboards charts can not be loaded successfully\n2072891 - Update gcp-pd-csi-driver to 1.5.1;\n2072911 - panic observed in kubedescheduler operator\n2072924 - periodic-ci-openshift-release-master-ci-4.11-e2e-azure-techpreview-serial\n2072957 - ContainerCreateError loop leads to several thousand empty logfiles in the file system\n2072998 - update aws-efs-csi-driver to the latest version\n2072999 - Navigate from logs of selected Tekton task instead of last one\n2073021 - [vsphere] Failed to update OS on master nodes\n2073112 - Prometheus (uwm) externalLabels not showing always in alerts. \n2073113 - Warning is logged to the console: W0407 Defaulting of registry auth file to \"${HOME}/.docker/config.json\" is deprecated. \n2073176 - removing data in form does not remove data from yaml editor\n2073197 - Error in Spoke/SNO agent: Source image rejected: A signature was required, but no signature exists\n2073329 - Pipelines-plugin- Having different title for Pipeline Runs tab, on Pipeline Details page it\u0027s \"PipelineRuns\" and on Repository Details page it\u0027s \"Pipeline Runs\". \n2073373 - Update azure-disk-csi-driver to 1.16.0\n2073378 - failed egressIP assignment - cloud-network-config-controller does not delete failed cloudprivateipconfig\n2073398 - machine-api-provider-openstack does not clean up OSP ports after failed server provisioning\n2073436 - Update azure-file-csi-driver to v1.14.0\n2073437 - Topology performance: Firehose/useK8sWatchResources cache can return unexpected data format if isList differs on multiple calls\n2073452 - [sig-network] pods should successfully create sandboxes by other - failed (add)\n2073473 - [OVN SCALE][ovn-northd] Unnecessary SB record no-op changes added to SB transaction. \n2073522 - Update ibm-vpc-block-csi-driver to v4.2.0\n2073525 - Update vpc-node-label-updater to v4.1.2\n2073901 - Installation failed due to etcd operator Err:DefragControllerDegraded: failed to dial endpoint https://10.0.0.7:2379 with maintenance client: context canceled\n2073937 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for UMW\n2073938 - APIRemovedInNextEUSReleaseInUse alert for runtimeclasses\n2073945 - APIRemovedInNextEUSReleaseInUse alert for podsecuritypolicies\n2073972 - Invalid retention time and invalid retention size should be validated at one place and have error log in one place for platform monitoring\n2074009 - [OVN] ovn-northd doesn\u0027t clean Chassis_Private record after scale down to 0 a machineSet\n2074031 - Admins should be able to tune garbage collector aggressiveness (GOGC) for kube-apiserver if necessary\n2074062 - Node Tuning Operator(NTO) - Cloud provider profile rollback doesn\u0027t work well\n2074084 - CMO metrics not visible in the OCP webconsole UI\n2074100 - CRD filtering according to name broken\n2074210 - asia-south2, australia-southeast2, and southamerica-west1Missing from GCP regions\n2074237 - oc new-app --image-stream flag behavior is unclear\n2074243 - DefaultPlacement API allow empty enum value and remove default\n2074447 - cluster-dashboard: CPU Utilisation iowait and steal\n2074465 - PipelineRun fails in import from Git flow if \"main\" branch is default\n2074471 - Cannot delete namespace with a LB type svc and Kuryr when ExternalCloudProvider is enabled\n2074475 - [e2e][automation] kubevirt plugin cypress tests fail\n2074483 - coreos-installer doesnt work on Dell machines\n2074544 - e2e-metal-ipi-ovn-ipv6 failing due to recent CEO changes\n2074585 - MCG standalone deployment page goes blank when the KMS option is enabled\n2074606 - occm does not have permissions to annotate SVC objects\n2074612 - Operator fails to install due to service name lookup failure\n2074613 - nodeip-configuration container incorrectly attempts to relabel /etc/systemd/system\n2074635 - Unable to start Web Terminal after deleting existing instance\n2074659 - AWS installconfig ValidateForProvisioning always provides blank values to validate zone records\n2074706 - Custom EC2 endpoint is not considered by AWS EBS CSI driver\n2074710 - Transition to go-ovirt-client\n2074756 - Namespace column provide wrong data in ClusterRole Details -\u003e Rolebindings tab\n2074767 - Metrics page show incorrect values due to metrics level config\n2074807 - NodeFilesystemSpaceFillingUp alert fires even before kubelet GC kicks in\n2074902 - `oc debug node/nodename ? chroot /host somecommand` should exit with non-zero when the sub-command failed\n2075015 - etcd-guard connection refused event repeating pathologically (payload blocking)\n2075024 - Metal upgrades permafailing on metal3 containers crash looping\n2075050 - oc-mirror fails to calculate between two channels with different prefixes for the same version of OCP\n2075091 - Symptom Detection.Undiagnosed panic detected in pod\n2075117 - Developer catalog: Order dropdown (A-Z, Z-A) is miss-aligned (in a separate row)\n2075149 - Trigger Translations When Extensions Are Updated\n2075189 - Imports from dynamic-plugin-sdk lead to failed module resolution errors\n2075459 - Set up cluster on aws with rootvolumn io2 failed due to no iops despite it being configured\n2075475 - OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn\u0027t work\n2075478 - Bump documentationBaseURL to 4.11\n2075491 - nmstate operator cannot be upgraded on SNO\n2075575 - Local Dev Env - Prometheus 404 Call errors spam the console\n2075584 - improve clarity of build failure messages when using csi shared resources but tech preview is not enabled\n2075592 - Regression - Top of the web terminal drawer is missing a stroke/dropshadow\n2075621 - Cluster upgrade.[sig-mco] Machine config pools complete upgrade\n2075647 - \u0027oc adm upgrade ...\u0027 POSTs ClusterVersion, clobbering any unrecognized spec properties\n2075671 - Cluster Ingress Operator K8S API cache contains duplicate objects\n2075778 - Fix failing TestGetRegistrySamples test\n2075873 - Bump recommended FCOS to 35.20220327.3.0\n2076193 - oc patch command for the liveness probe and readiness probe parameters of an OpenShift router deployment doesn\u0027t take effect\n2076270 - [OCPonRHV] MachineSet scale down operation fails to delete the worker VMs\n2076277 - [RFE] [OCPonRHV] Add storage domain ID valueto Compute/ControlPlain section in the machine object\n2076290 - PTP operator readme missing documentation on BC setup via PTP config\n2076297 - Router process ignores shutdown signal while starting up\n2076323 - OLM blocks all operator installs if an openshift-marketplace catalogsource is unavailable\n2076355 - The KubeletConfigController wrongly process multiple confs for a pool after having kubeletconfig in bootstrap\n2076393 - [VSphere] survey fails to list datacenters\n2076521 - Nodes in the same zone are not updated in the right order\n2076527 - Pipeline Builder: Make unnecessary tekton hub API calls when the user types \u0027too fast\u0027\n2076544 - Whitespace (padding) is missing after an PatternFly update, already in 4.10\n2076553 - Project access view replace group ref with user ref when updating their Role\n2076614 - Missing Events component from the SDK API\n2076637 - Configure metrics for vsphere driver to be reported\n2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters\n2076793 - CVO exits upgrade immediately rather than waiting for etcd backup\n2076831 - [ocp4.11]Mem/cpu high utilization by apiserver/etcd for cluster stayed 10 hours\n2076877 - network operator tracker to switch to use flowcontrol.apiserver.k8s.io/v1beta2 instead v1beta1 to be deprecated in k8s 1.26\n2076880 - OKD: add cluster domain to the uploaded vm configs so that 30-local-dns-prepender can use it\n2076975 - Metric unset during static route conversion in configure-ovs.sh\n2076984 - TestConfigurableRouteNoConsumingUserNoRBAC fails in CI\n2077050 - OCP should default to pd-ssd disk type on GCP\n2077150 - Breadcrumbs on a few screens don\u0027t have correct top margin spacing\n2077160 - Update owners for openshift/cluster-etcd-operator\n2077357 - [release-4.11] 200ms packet delay with OVN controller turn on\n2077373 - Accessibility warning on developer perspective\n2077386 - Import page shows untranslated values for the route advanced routing\u003esecurity options (devconsole~Edge)\n2077457 - failure in test case \"[sig-network][Feature:Router] The HAProxy router should serve the correct routes when running with the haproxy config manager\"\n2077497 - Rebase etcd to 3.5.3 or later\n2077597 - machine-api-controller is not taking the proxy configuration when it needs to reach the RHV API\n2077599 - OCP should alert users if they are on vsphere version \u003c7.0.2\n2077662 - AWS Platform Provisioning Check incorrectly identifies record as part of domain of cluster\n2077797 - LSO pods don\u0027t have any resource requests\n2077851 - \"make vendor\" target is not working\n2077943 - If there is a service with multiple ports, and the route uses 8080, when editing the 8080 port isn\u0027t replaced, but a random port gets replaced and 8080 still stays\n2077994 - Publish RHEL CoreOS AMIs in AWS ap-southeast-3 region\n2078013 - drop multipathd.socket workaround\n2078375 - When using the wizard with template using data source the resulting vm use pvc source\n2078396 - [OVN AWS] EgressIP was not balanced to another egress node after original node was removed egress label\n2078431 - [OCPonRHV] - ERROR failed to instantiate provider \"openshift/local/ovirt\" to obtain schema:  ERROR fork/exec\n2078526 - Multicast breaks after master node reboot/sync\n2078573 - SDN CNI -Fail to create nncp when vxlan is up\n2078634 - CRI-O not killing Calico CNI stalled (zombie) processes. \n2078698 - search box may not completely remove content\n2078769 - Different not translated filter group names (incl. Secret, Pipeline, PIpelineRun)\n2078778 - [4.11] oc get ValidatingWebhookConfiguration,MutatingWebhookConfiguration fails and caused ?apiserver panic\u0027d...http2: panic serving xxx.xx.xxx.21:49748: cannot deep copy int? when AllRequestBodies audit-profile is used. \n2078781 - PreflightValidation does not handle multiarch images\n2078866 - [BM][IPI] Installation with bonds fail - DaemonSet \"openshift-ovn-kubernetes/ovnkube-node\" rollout is not making progress\n2078875 - OpenShift Installer fail to remove Neutron ports\n2078895 - [OCPonRHV]-\"cow\" unsupported value in format field in install-config.yaml\n2078910 - CNO spitting out \".spec.groups[0].rules[4].runbook_url: field not declared in schema\"\n2078945 - Ensure only one apiserver-watcher process is active on a node. \n2078954 - network-metrics-daemon makes costly global pod list calls scaling per node\n2078969 - Avoid update races between old and new NTO operands during cluster upgrades\n2079012 - egressIP not migrated to correct workers after deleting machineset it was assigned\n2079062 - Test for console demo plugin toast notification needs to be increased for ci testing\n2079197 - [RFE] alert when more than one default storage class is detected\n2079216 - Partial cluster update reference doc link returns 404\n2079292 - containers prometheus-operator/kube-rbac-proxy violate PodSecurity\n2079315 - (release-4.11) Gather ODF config data with Insights\n2079422 - Deprecated 1.25 API call\n2079439 - OVN Pods Assigned Same IP Simultaneously\n2079468 - Enhance the waitForIngressControllerCondition for better CI results\n2079500 - okd-baremetal-install uses fcos for bootstrap but rhcos for cluster\n2079610 - Opeatorhub status shows errors\n2079663 - change default image features in RBD storageclass\n2079673 - Add flags to disable migrated code\n2079685 - Storageclass creation page with \"Enable encryption\" is not displaying saved KMS connection details when vaulttenantsa details are available in csi-kms-details config\n2079724 - cluster-etcd-operator - disable defrag-controller as there is unpredictable impact on large OpenShift Container Platform 4 - Cluster\n2079788 - Operator restarts while applying the acm-ice example\n2079789 - cluster drops ImplicitlyEnabledCapabilities during upgrade\n2079803 - Upgrade-triggered etcd backup will be skip during serial upgrade\n2079805 - Secondary scheduler operator should comply to restricted pod security level\n2079818 - Developer catalog installation overlay (modal?) shows a duplicated padding\n2079837 - [RFE] Hub/Spoke example with daemonset\n2079844 - EFS cluster csi driver status stuck in AWSEFSDriverCredentialsRequestControllerProgressing with sts installation\n2079845 - The Event Sinks catalog page now has a blank space on the left\n2079869 - Builds for multiple kernel versions should be ran in parallel when possible\n2079913 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN endpointslices\n2079961 - The search results accordion has no spacing between it and the side navigation bar. \n2079965 - [rebase v1.24]  [sig-node] PodOSRejection [NodeConformance] Kubelet should reject pod when the node OS doesn\u0027t match pod\u0027s OS [Suite:openshift/conformance/parallel] [Suite:k8s]\n2080054 - TAGS arg for installer-artifacts images is not propagated to build images\n2080153 - aws-load-balancer-operator-controller-manager pod stuck in ContainerCreating status\n2080197 - etcd leader changes produce test churn during early stage of test\n2080255 - EgressIP broken on AWS with OpenShiftSDN / latest nightly build\n2080267 - [Fresh Installation] Openshift-machine-config-operator namespace is flooded with events related to clusterrole, clusterrolebinding\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2080379 - Group all e2e tests as parallel or serial\n2080387 - Visual connector not appear between the node if a node get created using \"move connector\" to a different application\n2080416 - oc bash-completion problem\n2080429 - CVO must ensure non-upgrade related changes are saved when desired payload fails to load\n2080446 - Sync ironic images with latest bug fixes packages\n2080679 - [rebase v1.24] [sig-cli] test failure\n2080681 - [rebase v1.24]  [sig-cluster-lifecycle] CSRs from machines that are not recognized by the cloud provider are not approved [Suite:openshift/conformance/parallel]\n2080687 - [rebase v1.24]  [sig-network][Feature:Router] tests are failing\n2080873 - Topology graph crashes after update to 4.11 when Layout 2 (ColaForce) was selected previously\n2080964 - Cluster operator special-resource-operator is always in Failing state with reason: \"Reconciling simple-kmod\"\n2080976 - Avoid hooks config maps when hooks are empty\n2081012 - [rebase v1.24]  [sig-devex][Feature:OpenShiftControllerManager] TestAutomaticCreationOfPullSecrets [Suite:openshift/conformance/parallel]\n2081018 - [rebase v1.24] [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available\n2081021 - [rebase v1.24] [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources\n2081062 - Unrevert RHCOS back to 8.6\n2081067 - admin dev-console /settings/cluster should point out history may be excerpted\n2081069 - [sig-network] pods should successfully create sandboxes by adding pod to network\n2081081 - PreflightValidation \"odd number of arguments passed as key-value pairs for logging\" error\n2081084 - [rebase v1.24] [sig-instrumentation] Events API should ensure that an event can be fetched, patched, deleted, and listed\n2081087 - [rebase v1.24] [sig-auth] ServiceAccounts should allow opting out of API token automount\n2081119 - `oc explain` output of default overlaySize is outdated\n2081172 - MetallLB: YAML view in webconsole does not show all the available key value pairs of all the objects\n2081201 - cloud-init User check for Windows VM refuses to accept capitalized usernames\n2081447 - Ingress operator performs spurious updates in response to API\u0027s defaulting of router deployment\u0027s router container\u0027s ports\u0027 protocol field\n2081562 - lifecycle.posStart hook does not have network connectivity. \n2081685 - Typo in NNCE Conditions\n2081743 - [e2e] tests failing\n2081788 - MetalLB: the crds are not validated until metallb is deployed\n2081821 - SpecialResourceModule CRD is not installed after deploying SRO operator using brew bundle image via OLM\n2081895 - Use the managed resource (and not the manifest) for resource health checks\n2081997 - disconnected insights operator remains degraded after editing pull secret\n2082075 - Removing huge amount of ports takes a lot of time. \n2082235 - CNO exposes a generic apiserver that apparently does nothing\n2082283 - Transition to new oVirt Terraform provider\n2082360 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni\n2082380 - [4.10.z] customize wizard is crashed\n2082403 - [LSO] No new build local-storage-operator-metadata-container created\n2082428 - oc patch healthCheckInterval with invalid \"5 s\" to the ingress-controller successfully\n2082441 - [UPI] aws-load-balancer-operator-controller-manager failed to get VPC ID in UPI on AWS\n2082492 - [IPI IBM]Can\u0027t create image-registry-private-configuration secret with error \"specified resource key credentials does not contain HMAC keys\"\n2082535 - [OCPonRHV]-workers are cloned when \"clone: false\" is specified in install-config.yaml\n2082538 - apirequests limits of Cluster CAPI Operator are too low for GCP platform\n2082566 - OCP dashboard fails to load when the query to Prometheus takes more than 30s to return\n2082604 - [IBMCloud][x86_64] IBM VPC does not properly support RHCOS Custom Image tagging\n2082667 - No new machines provisioned while machineset controller drained old nodes for change to machineset\n2082687 - [IBM Cloud][x86_64][CCCMO] IBM x86_64 CCM using unsupported --port argument\n2082763 - Cluster install stuck on the applying for operatorhub \"cluster\"\n2083149 - \"Update blocked\" label incorrectly displays on new minor versions in the \"Other available paths\" modal\n2083153 - Unable to use application credentials for Manila PVC creation on OpenStack\n2083154 - Dynamic plugin sdk tsdoc generation does not render docs for parameters\n2083219 - DPU network operator doesn\u0027t deal with c1... inteface names\n2083237 - [vsphere-ipi] Machineset scale up process delay\n2083299 - SRO does not fetch mirrored DTK images in disconnected clusters\n2083445 - [FJ OCP4.11 Bug]: RAID setting during IPI cluster deployment fails if iRMC port number is specified\n2083451 - Update external serivces URLs to console.redhat.com\n2083459 - Make numvfs \u003e totalvfs error message more verbose\n2083466 - Failed to create clusters on AWS C2S/SC2S due to image-registry MissingEndpoint error\n2083514 - Operator ignores managementState Removed\n2083641 - OpenShift Console Knative Eventing ContainerSource generates wrong api version when pointed to k8s Service\n2083756 - Linkify not upgradeable message on ClusterSettings page\n2083770 - Release image signature manifest filename extension is yaml\n2083919 - openshift4/ose-operator-registry:4.10.0 having security vulnerabilities\n2083942 - Learner promotion can temporarily fail with rpc not supported for learner errors\n2083964 - Sink resources dropdown is not persisted in form yaml switcher in event source creation form\n2083999 - \"--prune-over-size-limit\" is not working as expected\n2084079 - prometheus route is not updated to \"path: /api\" after upgrade from 4.10 to 4.11\n2084081 - nmstate-operator installed cluster on POWER shows issues while adding new dhcp interface\n2084124 - The Update cluster modal includes a broken link\n2084215 - Resource configmap \"openshift-machine-api/kube-rbac-proxy\" is defined by 2 manifests\n2084249 - panic in ovn pod from an e2e-aws-single-node-serial nightly run\n2084280 - GCP API Checks Fail if non-required APIs are not enabled\n2084288 - \"alert/Watchdog must have no gaps or changes\" failing after bump\n2084292 - Access to dashboard resources is needed in dynamic plugin SDK\n2084331 - Resource with multiple capabilities included unless all capabilities are disabled\n2084433 - Podsecurity violation error getting logged for ingresscontroller during deployment. \n2084438 - Change Ping source spec.jsonData (deprecated) field  to spec.data\n2084441 - [IPI-Azure]fail to check the vm capabilities in install cluster\n2084459 - Topology list view crashes when switching from chart view after moving sink from knative service to uri\n2084463 - 5 control plane replica tests fail on ephemeral volumes\n2084539 - update azure arm templates to support customer provided vnet\n2084545 - [rebase v1.24] cluster-api-operator causes all techpreview tests to fail\n2084580 - [4.10] No cluster name sanity validation - cluster name with a dot (\".\") character\n2084615 - Add to navigation option on search page is not properly aligned\n2084635 - PipelineRun creation from the GUI for a Pipeline with 2 workspaces hardcode the PVC storageclass\n2084732 - A special resource that was created in OCP 4.9 can\u0027t be deleted after an upgrade to 4.10\n2085187 - installer-artifacts fails to build with go 1.18\n2085326 - kube-state-metrics is tripping APIRemovedInNextEUSReleaseInUse\n2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated\n2085380 - [IPI-Azure] Incorrect error prompt validate VM image and instance HyperV gen match when install cluster\n2085407 - There is no Edit link/icon for labels on Node details page\n2085721 - customization controller image name is wrong\n2086056 - Missing doc for OVS HW offload\n2086086 - Update Cluster Sample Operator dependencies and libraries for OCP 4.11\n2086092 - update kube to v.24\n2086143 - CNO uses too much memory\n2086198 - Cluster CAPI Operator creates unnecessary defaulting webhooks\n2086301 - kubernetes nmstate pods are not running after creating instance\n2086408 - Podsecurity violation error getting logged for  externalDNS operand pods during deployment\n2086417 - Pipeline created from add flow has GIT Revision as required field\n2086437 - EgressQoS CRD not available\n2086450 - aws-load-balancer-controller-cluster pod logged Podsecurity violation error during deployment\n2086459 - oc adm inspect fails when one of resources not exist\n2086461 - CNO probes MTU unnecessarily in Hypershift, making cluster startup take too long\n2086465 - External identity providers should log login attempts in the audit trail\n2086469 - No data about title \u0027API Request Duration by Verb - 99th Percentile\u0027 display on the dashboard \u0027API Performance\u0027\n2086483 - baremetal-runtimecfg k8s dependencies should be on a par with 1.24 rebase\n2086505 - Update oauth-server images to be consistent with ART\n2086519 - workloads must comply to restricted security policy\n2086521 - Icons of Knative actions are not clearly visible on the context menu in the dark mode\n2086542 - Cannot create service binding through drag and drop\n2086544 - ovn-k master daemonset on hypershift shouldn\u0027t log token\n2086546 - Service binding connector is not visible in the dark mode\n2086718 - PowerVS destroy code does not work\n2086728 - [hypershift] Move drain to controller\n2086731 - Vertical pod autoscaler operator needs a 4.11 bump\n2086734 - Update csi driver images to be consistent with ART\n2086737 - cloud-provider-openstack rebase to kubernetes v1.24\n2086754 - Cluster resource override operator needs a 4.11 bump\n2086759 - [IPI] OCP-4.11 baremetal - boot partition is not mounted on temporary directory\n2086791 - Azure: Validate UltraSSD instances in multi-zone regions\n2086851 - pods with multiple external gateways may only be have ECMP routes for one gateway\n2086936 - vsphere ipi should use cores by default instead of sockets\n2086958 - flaky e2e in kube-controller-manager-operator TestPodDisruptionBudgetAtLimitAlert\n2086959 - flaky e2e in kube-controller-manager-operator TestLogLevel\n2086962 - oc-mirror publishes metadata with --dry-run when publishing to mirror\n2086964 - oc-mirror fails on differential run when mirroring a package with multiple channels specified\n2086972 - oc-mirror does not error invalid metadata is passed to the describe command\n2086974 - oc-mirror does not work with headsonly for operator 4.8\n2087024 - The oc-mirror result mapping.txt is not correct , can?t be used by `oc image mirror` command\n2087026 - DTK\u0027s imagestream is missing from OCP 4.11 payload\n2087037 - Cluster Autoscaler should use K8s 1.24 dependencies\n2087039 - Machine API components should use K8s 1.24 dependencies\n2087042 - Cloud providers components should use K8s 1.24 dependencies\n2087084 - remove unintentional nic support\n2087103 - \"Updating to release image\" from \u0027oc\u0027 should point out that the cluster-version operator hasn\u0027t accepted the update\n2087114 - Add simple-procfs-kmod in modprobe example in README.md\n2087213 - Spoke BMH stuck \"inspecting\" when deployed via ZTP in 4.11 OCP hub\n2087271 - oc-mirror does not check for existing workspace when performing mirror2mirror synchronization\n2087556 - Failed to render DPU ovnk manifests\n2087579 - ` --keep-manifest-list=true` does not work for `oc adm release new` , only pick up the linux/amd64 manifest from the manifest list\n2087680 - [Descheduler] Sync with sigs.k8s.io/descheduler\n2087684 - KCMO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile\n2087685 - KASO should not be able to apply LowUpdateSlowReaction from Default WorkerLatencyProfile\n2087687 - MCO does not generate event when user applies Default -\u003e LowUpdateSlowReaction WorkerLatencyProfile\n2087764 - Rewrite the registry backend will hit error\n2087771 - [tracker] NetworkManager 1.36.0 loses DHCP lease and doesn\u0027t try again\n2087772 - Bindable badge causes some layout issues with the side panel of bindable operator backed services\n2087942 - CNO references images that are divergent from ART\n2087944 - KafkaSink Node visualized incorrectly\n2087983 - remove etcd_perf before restore\n2087993 - PreflightValidation many \"msg\":\"TODO: preflight checks\" in the operator log\n2088130 - oc-mirror init does not allow for automated testing\n2088161 - Match dockerfile image name with the name used in the release repo\n2088248 - Create HANA VM does not use values from customized HANA templates\n2088304 - ose-console: enable source containers for open source requirements\n2088428 - clusteroperator/baremetal stays in progressing: Applying metal3 resources state on a fresh install\n2088431 - AvoidBuggyIPs field of addresspool should be removed\n2088483 - oc adm catalog mirror returns 0 even if there are errors\n2088489 - Topology list does not allow selecting an application group anymore (again)\n2088533 - CRDs for openshift.io should have subresource.status failes on sharedconfigmaps.sharedresource and sharedsecrets.sharedresource\n2088535 - MetalLB: Enable debug log level for downstream CI\n2088541 - Default CatalogSources in openshift-marketplace namespace keeps throwing pod security admission warnings `would violate PodSecurity \"restricted:v1.24\"`\n2088561 - BMH unable to start inspection: File name too long\n2088634 - oc-mirror does not fail when catalog is invalid\n2088660 - Nutanix IPI installation inside container failed\n2088663 - Better to change the default value of --max-per-registry to 6\n2089163 - NMState CRD out of sync with code\n2089191 - should remove grafana from cluster-monitoring-config configmap in hypershift cluster\n2089224 - openshift-monitoring/cluster-monitoring-config configmap always revert to default setting\n2089254 - CAPI operator: Rotate token secret if its older than 30 minutes\n2089276 - origin tests for egressIP and azure fail\n2089295 - [Nutanix]machine stuck in Deleting phase when delete a machineset whose replicas\u003e=2 and machine is Provisioning phase on Nutanix\n2089309 - [OCP 4.11] Ironic inspector image fails to clean disks that are part of a multipath setup if they are passive paths\n2089334 - All cloud providers should use service account credentials\n2089344 - Failed to deploy simple-kmod\n2089350 - Rebase sdn to 1.24\n2089387 - LSO not taking mpath. ignoring device\n2089392 - 120 node baremetal upgrade from 4.9.29 --\u003e 4.10.13  crashloops on machine-approver\n2089396 - oc-mirror does not show pruned image plan\n2089405 - New topology package shows gray build icons instead of green/red icons for builds and pipelines\n2089419 - do not block 4.10 to 4.11 upgrades if an existing CSI driver is found. Instead, warn about presence of third party CSI driver\n2089488 - Special resources are missing the managementState field\n2089563 - Update Power VS MAPI to use api\u0027s from openshift/api repo\n2089574 - UWM prometheus-operator pod can\u0027t start up due to no master node in hypershift cluster\n2089675 - Could not move Serverless Service without Revision (or while starting?)\n2089681 - [Hypershift] EgressIP doesn\u0027t work in hypershift guest cluster\n2089682 - Installer expects all nutanix subnets to have a cluster reference which is not the case for e.g. overlay networks\n2089687 - alert message of MCDDrainError needs to be updated for new drain controller\n2089696 - CR reconciliation is stuck in daemonset lifecycle\n2089716 - [4.11][reliability]one worker node became NotReady on which ovnkube-node pod\u0027s memory increased sharply\n2089719 - acm-simple-kmod fails to build\n2089720 - [Hypershift] ICSP doesn\u0027t work for the guest cluster\n2089743 - acm-ice fails to deploy: helm chart does not appear to be a gzipped archive\n2089773 - Pipeline status filter and status colors doesn\u0027t work correctly with non-english languages\n2089775 - keepalived can keep ingress VIP on wrong node under certain circumstances\n2089805 - Config duration metrics aren\u0027t exposed\n2089827 - MetalLB CI - backward compatible tests are failing due to the order of delete\n2089909 - PTP e2e testing not working on SNO cluster\n2089918 - oc-mirror skip-missing still returns 404 errors when images do not exist\n2089930 - Bump OVN to 22.06\n2089933 - Pods do not post readiness status on termination\n2089968 - Multus CNI daemonset should use hostPath mounts with type: directory\n2089973 - bump libs to k8s 1.24 for OCP 4.11\n2089996 - Unnecessary yarn install runs in e2e tests\n2090017 - Enable source containers to meet open source requirements\n2090049 - destroying GCP cluster which has a compute node without infra id in name would fail to delete 2 k8s firewall-rules and VPC network\n2090092 - Will hit error if specify the channel not the latest\n2090151 - [RHEL scale up] increase the wait time so that the node has enough time to get ready\n2090178 - VM SSH command generated by UI points at api VIP\n2090182 - [Nutanix]Create a machineset with invalid image, machine stuck in \"Provisioning\" phase\n2090236 - Only reconcile annotations and status for clusters\n2090266 - oc adm release extract is failing on mutli arch image\n2090268 - [AWS EFS] Operator not getting installed successfully on Hypershift Guest cluster\n2090336 - Multus logging should be disabled prior to release\n2090343 - Multus debug logging should be enabled temporarily for debugging podsandbox creation failures. \n2090358 - Initiating drain log message is displayed before the drain actually starts\n2090359 - Nutanix mapi-controller: misleading error message when the failure is caused by wrong credentials\n2090405 - [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z]\n2090430 - gofmt code\n2090436 - It takes 30min-60min to update the machine count in custom MachineConfigPools (MCPs) when a node is removed from the pool\n2090437 - Bump CNO to k8s 1.24\n2090465 - golang version mismatch\n2090487 - Change default SNO Networking Type and disallow OpenShiftSDN a supported networking Type\n2090537 - failure in ovndb migration when db is not ready in HA mode\n2090549 - dpu-network-operator shall be able to run on amd64 arch platform\n2090621 - Metal3 plugin does not work properly with updated NodeMaintenance CRD\n2090627 - Git commit and branch are empty in MetalLB log\n2090692 - Bump to latest 1.24 k8s release\n2090730 - must-gather should include multus logs. \n2090731 - nmstate deploys two instances of webhook on a single-node cluster\n2090751 - oc image mirror skip-missing flag does not skip images\n2090755 - MetalLB: BGPAdvertisement validation allows duplicate entries for ip pool selector, ip address pools, node selector and bgp peers\n2090774 - Add Readme to plugin directory\n2090794 - MachineConfigPool cannot apply a configuration after fixing the pods that caused a drain alert\n2090809 - gm.ClockClass  invalid syntax parse error in linux ptp daemon logs\n2090816 - OCP 4.8 Baremetal IPI installation failure: \"Bootstrap failed to complete: timed out waiting for the condition\"\n2090819 - oc-mirror does not catch invalid registry input when a namespace is specified\n2090827 - Rebase CoreDNS to 1.9.2 and k8s 1.24\n2090829 - Bump OpenShift router to k8s 1.24\n2090838 - Flaky test: ignore flapping host interface \u0027tunbr\u0027\n2090843 - addLogicalPort() performance/scale optimizations\n2090895 - Dynamic plugin nav extension \"startsWith\" property does not work\n2090929 - [etcd] cluster-backup.sh script has a conflict to use the \u0027/etc/kubernetes/static-pod-certs\u0027 folder if a custom API certificate is defined\n2090993 - [AI Day2] Worker node overview page crashes in Openshift console with TypeError\n2091029 - Cancel rollout action only appears when rollout is completed\n2091030 - Some BM may fail booting with default bootMode strategy\n2091033 - [Descheduler]: provide ability to override included/excluded namespaces\n2091087 - ODC Helm backend Owners file needs updates\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091167 - IPsec runtime enabling not work in hypershift\n2091218 - Update Dev Console Helm backend to use helm 3.9.0\n2091433 - Update AWS instance types\n2091542 - Error Loading/404 not found page shown after clicking \"Current namespace only\"\n2091547 - Internet connection test with proxy permanently fails\n2091567 - oVirt CSI driver should use latest go-ovirt-client\n2091595 - Alertmanager configuration can\u0027t use OpsGenie\u0027s entity field when AlertmanagerConfig is enabled\n2091599 - PTP Dual Nic  | Extend Events 4.11 - Up/Down master interface affects all the other interface in the same NIC accoording the events and metric\n2091603 - WebSocket connection restarts when switching tabs in WebTerminal\n2091613 - simple-kmod fails to build due to missing KVC\n2091634 - OVS 2.15 stops handling traffic once ovs-dpctl(2.17.2) is used against it\n2091730 - MCO e2e tests are failing with \"No token found in openshift-monitoring secrets\"\n2091746 - \"Oh no! Something went wrong\" shown after user creates MCP without \u0027spec\u0027\n2091770 - CVO gets stuck downloading an upgrade, with the version pod complaining about invalid options\n2091854 - clusteroperator status filter doesn\u0027t match all values in Status column\n2091901 - Log stream paused right after updating log lines in Web Console in OCP4.10\n2091902 - unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server has received too many requests and has asked us to try again later\n2091990 - wrong external-ids for ovn-controller lflow-cache-limit-kb\n2092003 - PR 3162 | BZ 2084450 - invalid URL schema for AWS causes tests to perma fail and break the cloud-network-config-controller\n2092041 - Bump cluster-dns-operator to k8s 1.24\n2092042 - Bump cluster-ingress-operator to k8s 1.24\n2092047 - Kube 1.24 rebase for cloud-network-config-controller\n2092137 - Search doesn\u0027t show all entries when name filter is cleared\n2092296 - Change Default MachineCIDR of Power VS Platform from 10.x to 192.168.0.0/16\n2092390 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and \u0027Overview\u0027 tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown\n2092395 - etcdHighNumberOfFailedGRPCRequests alerts with wrong results\n2092408 - Wrong icon is used in the virtualization overview permissions card\n2092414 - In virtualization overview \"running vm per templates\" template list can be improved\n2092442 - Minimum time between drain retries is not the expected one\n2092464 - marketplace catalog defaults to v4.10\n2092473 - libovsdb performance backports\n2092495 - ovn: use up to 4 northd threads in non-SNO clusters\n2092502 - [azure-file-csi-driver] Stop shipping a NFS StorageClass\n2092509 - Invalid memory address error if non existing caBundle is configured in DNS-over-TLS using ForwardPlugins\n2092572 - acm-simple-kmod chart should create the namespace on the spoke cluster\n2092579 - Don\u0027t retry pod deletion if objects are not existing\n2092650 - [BM IPI with Provisioning Network] Worker nodes are not provisioned: ironic-agent is stuck before writing into disks\n2092703 - Incorrect mount propagation information in container status\n2092815 - can\u0027t delete the unwanted image from registry by oc-mirror\n2092851 - [Descheduler]: allow to customize the LowNodeUtilization strategy thresholds\n2092867 - make repository name unique in acm-ice/acm-simple-kmod examples\n2092880 - etcdHighNumberOfLeaderChanges returns incorrect number of leadership changes\n2092887 - oc-mirror list releases command uses filter-options flag instead of filter-by-os\n2092889 - Incorrect updating of EgressACLs using direction \"from-lport\"\n2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)\n2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)\n2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)\n2092928 - CVE-2022-26945 go-getter: command injection vulnerability\n2092937 - WebScale: OVN-k8s forwarding to external-gw over the secondary interfaces failing\n2092966 - [OCP 4.11] [azure] /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n2093044 - Azure machine-api-provider-azure Availability Set Name Length Limit\n2093047 - Dynamic Plugins: Generated API markdown duplicates `checkAccess` and `useAccessReview` doc\n2093126 - [4.11] Bootimage bump tracker\n2093236 - DNS operator stopped reconciling after 4.10 to 4.11 upgrade | 4.11 nightly to 4.11 nightly upgrade\n2093288 - Default catalogs fails liveness/readiness probes\n2093357 - Upgrading sno spoke with acm-ice, causes the sno to get unreachable\n2093368 - Installer orphans FIPs created for LoadBalancer Services on `cluster destroy`\n2093396 - Remove node-tainting for too-small MTU\n2093445 - ManagementState reconciliation breaks SR\n2093454 - Router proxy protocol doesn\u0027t work with dual-stack (IPv4 and IPv6) clusters\n2093462 - Ingress Operator isn\u0027t reconciling the ingress cluster operator object\n2093586 - Topology: Ctrl+space opens the quick search modal, but doesn\u0027t close it again\n2093593 - Import from Devfile shows configuration options that shoudn\u0027t be there\n2093597 - Import: Advanced option sentence is splited into two parts and headlines has no padding\n2093600 - Project access tab should apply new permissions before it delete old ones\n2093601 - Project access page doesn\u0027t allow the user to update the settings twice (without manually reload the content)\n2093783 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.24\n2093797 - \u0027oc registry login\u0027 with serviceaccount function need update\n2093819 - An etcd member for a new machine was never added to the cluster\n2093930 - Gather console helm install  totals metric\n2093957 - Oc-mirror write dup metadata to registry backend\n2093986 - Podsecurity violation error getting logged for pod-identity-webhook\n2093992 - Cluster version operator acknowledges upgrade failing on periodic-ci-openshift-release-master-nightly-4.11-e2e-metal-ipi-upgrade-ovn-ipv6\n2094023 - Add Git Flow - Template Labels for Deployment show as DeploymentConfig\n2094024 - bump oauth-apiserver deps to include 1.23.1 k8s that fixes etcd blips\n2094039 - egressIP panics with nil pointer dereference\n2094055 - Bump coreos-installer for s390x Secure Execution\n2094071 - No runbook created for SouthboundStale alert\n2094088 - Columns in NBDB may never be updated by OVNK\n2094104 - Demo dynamic plugin image tests should be skipped when testing console-operator\n2094152 - Alerts in the virtualization overview status card aren\u0027t filtered\n2094196 - Add default and validating webhooks for Power VS MAPI\n2094227 - Topology: Create Service Binding should not be the last option (even under delete)\n2094239 - custom pool Nodes with 0 nodes are always populated in progress bar\n2094303 - If og is configured with sa, operator installation will be failed. \n2094335 - [Nutanix] - debug logs are enabled by default in machine-controller\n2094342 - apirequests limits of Cluster CAPI Operator are too low for Azure platform\n2094438 - Make AWS URL parsing more lenient for GetNodeEgressIPConfiguration\n2094525 - Allow automatic upgrades for efs operator\n2094532 - ovn-windows CI jobs are broken\n2094675 - PTP Dual Nic  | Extend Events 4.11 - when kill the phc2sys We have notification for the ptp4l physical master moved to free run\n2094694 - [Nutanix] No cluster name sanity validation - cluster name with a dot (\".\") character\n2094704 - Verbose log activated on kube-rbac-proxy in deployment prometheus-k8s\n2094801 - Kuryr controller keep restarting when handling IPs with leading zeros\n2094806 - Machine API oVrit component should use K8s 1.24 dependencies\n2094816 - Kuryr controller restarts when over quota\n2094833 - Repository overview page does not show default PipelineRun template for developer user\n2094857 - CloudShellTerminal loops indefinitely if DevWorkspace CR goes into failed state\n2094864 - Rebase CAPG to latest changes\n2094866 - oc-mirror does not always delete all manifests associated with an image during pruning\n2094896 - Run \u0027openshift-install agent create image\u0027 has segfault exception if cluster-manifests directory missing\n2094902 - Fix installer cross-compiling\n2094932 - MGMT-10403 Ingress should enable single-node cluster expansion on upgraded clusters\n2095049 - managed-csi StorageClass does not create PVs\n2095071 - Backend tests fails after devfile registry update\n2095083 - Observe \u003e Dashboards: Graphs may change a lot on automatic refresh\n2095110 - [ovn] northd container termination script must use bash\n2095113 - [ovnkube] bump to openvswitch2.17-2.17.0-22.el8fdp\n2095226 - Added changes to verify cloud connection and dhcpservices quota of a powervs instance\n2095229 - ingress-operator pod in CrashLoopBackOff in 4.11 after upgrade starting in 4.6 due to go panic\n2095231 - Kafka Sink sidebar in topology is empty\n2095247 - Event sink form doesn\u0027t show channel as sink until app is refreshed\n2095248 - [vSphere-CSI-Driver] does not report volume count limits correctly caused pod with multi volumes maybe schedule to not satisfied volume count node\n2095256 - Samples Owner needs to be Updated\n2095264 - ovs-configuration.service fails with Error: Failed to modify connection \u0027ovs-if-br-ex\u0027: failed to update connection: error writing to file \u0027/etc/NetworkManager/systemConnectionsMerged/ovs-if-br-ex.nmconnection\u0027\n2095362 - oVirt CSI driver operator should use latest go-ovirt-client\n2095574 - e2e-agnostic CI job fails\n2095687 - Debug Container shown for build logs and on click ui breaks\n2095703 - machinedeletionhooks doesn\u0027t work in vsphere cluster and BM cluster\n2095716 - New PSA component for Pod Security Standards enforcement is refusing openshift-operators ns\n2095756 - CNO panics with concurrent map read/write\n2095772 - Memory requests for ovnkube-master containers are over-sized\n2095917 - Nutanix set osDisk with diskSizeGB rather than diskSizeMiB\n2095941 - DNS Traffic not kept local to zone or node when Calico SDN utilized\n2096053 - Builder Image icons in Git Import flow are hard to see in Dark mode\n2096226 - crio fails to bind to tentative IP, causing service failure since RHOCS was rebased on RHEL 8.6\n2096315 - NodeClockNotSynchronising alert\u0027s severity should be critical\n2096350 - Web console doesn\u0027t display webhook errors for upgrades\n2096352 - Collect whole journal in gather\n2096380 - acm-simple-kmod references deprecated KVC example\n2096392 - Topology node icons are not properly visible in Dark mode\n2096394 - Add page Card items background color does not match with column background color in Dark mode\n2096413 - br-ex not created due to default bond interface having a different mac address than expected\n2096496 - FIPS issue on OCP SNO with RT Kernel via performance profile\n2096605 - [vsphere] no validation checking for diskType\n2096691 - [Alibaba 4.11] Specifying ResourceGroup id in install-config.yaml, New pv are still getting created to default ResourceGroups\n2096855 - `oc adm release new` failed with error when use  an existing  multi-arch release image as input\n2096905 - Openshift installer should not use the prism client embedded in nutanix terraform provider\n2096908 - Dark theme issue in pipeline builder, Helm rollback form, and Git import\n2097000 - KafkaConnections disappear from Topology after creating KafkaSink in Topology\n2097043 - No clean way to specify operand issues to KEDA OLM operator\n2097047 - MetalLB:  matchExpressions used in CR like L2Advertisement, BGPAdvertisement, BGPPeers allow duplicate entries\n2097067 - ClusterVersion history pruner does not always retain initial completed update entry\n2097153 - poor performance on API call to vCenter ListTags with thousands of tags\n2097186 - PSa autolabeling in 4.11 env upgraded from 4.10 does not work due to missing RBAC objects\n2097239 - Change Lower CPU limits for Power VS cloud\n2097246 - Kuryr: verify and unit jobs failing due to upstream OpenStack dropping py36 support\n2097260 - openshift-install create manifests failed for Power VS platform\n2097276 - MetalLB CI deploys the operator via manifests and not using the csv\n2097282 - chore: update external-provisioner to the latest upstream release\n2097283 - chore: update external-snapshotter to the latest upstream release\n2097284 - chore: update external-attacher to the latest upstream release\n2097286 - chore: update node-driver-registrar to the latest upstream release\n2097334 - oc plugin help shows \u0027kubectl\u0027\n2097346 - Monitoring must-gather doesn\u0027t seem to be working anymore in 4.11\n2097400 - Shared Resource CSI Driver needs additional permissions for validation webhook\n2097454 - Placeholder bug for OCP 4.11.0 metadata release\n2097503 - chore: rebase against latest external-resizer\n2097555 - IngressControllersNotUpgradeable: load balancer service has been modified; changes must be reverted before upgrading\n2097607 - Add Power VS support to Webhooks tests in actuator e2e test\n2097685 - Ironic-agent can\u0027t restart because of existing container\n2097716 - settings under httpConfig is dropped with AlertmanagerConfig v1beta1\n2097810 - Required Network tools missing for Testing e2e PTP\n2097832 - clean up unused IPv6DualStackNoUpgrade feature gate\n2097940 - openshift-install destroy cluster traps if vpcRegion not specified\n2097954 - 4.11 installation failed at monitoring and network clusteroperators with error \"conmon: option parsing failed: Unknown option --log-global-size-max\" making all jobs failing\n2098172 - oc-mirror does not validatethe registry in the storage config\n2098175 - invalid license in python-dataclasses-0.8-2.el8 spec\n2098177 - python-pint-0.10.1-2.el8 has unused Patch0 in spec file\n2098242 - typo in SRO specialresourcemodule\n2098243 - Add error check to Platform create for Power VS\n2098392 - [OCP 4.11] Ironic cannot match \"wwn\" rootDeviceHint for a multipath device\n2098508 - Control-plane-machine-set-operator report panic\n2098610 - No need to check the push permission with ?manifests-only option\n2099293 - oVirt cluster API provider should use latest go-ovirt-client\n2099330 - Edit application grouping is shown to user with view only access in a cluster\n2099340 - CAPI e2e tests for AWS are missing\n2099357 - ovn-kubernetes needs explicit RBAC coordination leases for 1.24 bump\n2099358 - Dark mode+Topology update: Unexpected selected+hover border and background colors for app groups\n2099528 - Layout issue: No spacing in delete modals\n2099561 - Prometheus returns HTTP 500 error on /favicon.ico\n2099582 - Format and update Repository overview content\n2099611 - Failures on etcd-operator watch channels\n2099637 - Should print error when use --keep-manifest-list\\xfalse for manifestlist image\n2099654 - Topology performance: Endless rerender loop when showing a Http EventSink (KameletBinding)\n2099668 - KubeControllerManager should degrade when GC stops working\n2099695 - Update CAPG after rebase\n2099751 - specialresourcemodule stacktrace while looping over build status\n2099755 - EgressIP node\u0027s mgmtIP reachability configuration option\n2099763 - Update icons for event sources and sinks in topology, Add page, and context menu\n2099811 - UDP Packet loss in OpenShift using IPv6 [upcall]\n2099821 - exporting a pointer for the loop variable\n2099875 - The speaker won\u0027t start if there\u0027s another component on the host listening on 8080\n2099899 - oc-mirror looks for layers in the wrong repository when searching for release images during publishing\n2099928 - [FJ OCP4.11 Bug]: Add unit tests to image_customization_test file\n2099968 - [Azure-File-CSI] failed to provisioning volume in ARO cluster\n2100001 - Sync upstream v1.22.0 downstream\n2100007 - Run bundle-upgrade failed from the traditional File-Based Catalog installed operator\n2100033 - OCP 4.11 IPI - Some csr remain \"Pending\" post deployment\n2100038 - failure to update special-resource-lifecycle table during update Event\n2100079 - SDN needs explicit RBAC coordination leases for 1.24 bump\n2100138 - release info --bugs has no differentiator between Jira and Bugzilla\n2100155 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation\n2100159 - Dark theme: Build icon for pending status is not inverted in topology sidebar\n2100323 - Sqlit-based catsrc cannot be ready due to \"Error: open ./db-xxxx: permission denied\"\n2100347 - KASO retains old config values when switching from Medium/Default to empty worker latency profile\n2100356 - Remove Condition tab and create option from console as it is deprecated in OSP-1.8\n2100439 - [gce-pd] GCE PD in-tree storage plugin tests not running\n2100496 - [OCPonRHV]-oVirt API returns affinity groups without a description field\n2100507 - Remove redundant log lines from obj_retry.go\n2100536 - Update API to allow EgressIP node reachability check\n2100601 - Update CNO to allow EgressIP node reachability check\n2100643 - [Migration] [GCP]OVN can not rollback to SDN\n2100644 - openshift-ansible FTBFS on RHEL8\n2100669 - Telemetry should not log the full path if it contains a username\n2100749 - [OCP 4.11] multipath support needs multipath modules\n2100825 - Update machine-api-powervs go modules to latest version\n2100841 - tiny openshift-install usability fix for setting KUBECONFIG\n2101460 - An etcd member for a new machine was never added to the cluster\n2101498 - Revert Bug 2082599: add upper bound to number of failed attempts\n2102086 - The base image is still 4.10 for operator-sdk 1.22\n2102302 - Dummy bug for 4.10 backports\n2102362 - Valid regions should be allowed in GCP install config\n2102500 - Kubernetes NMState pods can not evict due to PDB on an SNO cluster\n2102639 - Drain happens before other image-registry pod is ready to service requests, causing disruption\n2102782 - topolvm-controller get into CrashLoopBackOff few minutes after install\n2102834 - [cloud-credential-operator]container has runAsNonRoot and image will run as root\n2102947 - [VPA] recommender is logging errors for pods with init containers\n2103053 - [4.11] Backport Prow CI improvements from master\n2103075 - Listing secrets in all namespaces with a specific labelSelector does not work properly\n2103080 - br-ex not created due to default bond interface having a different mac address than expected\n2103177 - disabling ipv6 router advertisements using \"all\" does not disable it on secondary interfaces\n2103728 - Carry HAProxy patch \u0027BUG/MEDIUM: h2: match absolute-path not path-absolute for :path\u0027\n2103749 - MachineConfigPool is not getting updated\n2104282 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec\n2104432 - [dpu-network-operator] Updating images to be consistent with ART\n2104552 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack\n2104561 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: \"/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit\"; expected: -rw-r--r--/420/0644; received: ----------/0/0\n2104589 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\n2104701 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes\n2104717 - NetworkPolicies: ovnkube-master pods crashing due to panic: \"invalid memory address or nil pointer dereference\"\n2104727 - Bootstrap node should honor http proxy\n2104906 - Uninstall fails with Observed a panic: runtime.boundsError\n2104951 - Web console doesn\u0027t display webhook errors for upgrades\n2104991 - Completed pods may not be correctly cleaned up\n2105101 - NodeIP is used instead of EgressIP if egressPod is recreated within 60 seconds\n2105106 - co/node-tuning: Waiting for 15/72 Profiles to be applied\n2105146 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history\n2105167 - BuildConfig throws error when using a label with a / in it\n2105334 - vmware-vsphere-csi-driver-controller can\u0027t use host port error on e2e-vsphere-serial\n2105382 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator\n2105468 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. \n2105937 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18\n2106051 - Unable to deploy acm-ice using latest SRO 4.11 build\n2106058 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers [4.11.0]\n2106062 - [4.11] Bootimage bump tracker\n2106116 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as \"0abc\"\n2106163 - Samples ImageStreams vs. registry.redhat.io: unsupported: V2 schema 1 manifest digests are no longer supported for image pulls\n2106313 - bond-cni: backport bond-cni GA items to 4.11\n2106543 - Typo in must-gather release-4.10\n2106594 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI\n2106723 - [4.11] Upgrade from 4.11.0-rc0 -\u003e 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device\n2106855 - [4.11.z] externalTrafficPolicy=Local is not working in local gateway mode if ovnkube-node is restarted\n2107493 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing\n2107501 - metallb greenwave tests failure\n2107690 - Driver Container builds fail with \"error determining starting point for build: no FROM statement found\"\n2108175 - etcd backup seems to not be triggered in 4.10.18--\u003e4.10.20 upgrade\n2108617 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference\n2108686 - rpm-ostreed: start limit hit easily\n2110505 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate\n2110715 - openshift-controller-manager(-operator) namespace should clear run-level annotations\n2111055 - dummy bug for 4.10.z bz2110938\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25009\nhttps://access.redhat.com/security/cve/CVE-2018-25010\nhttps://access.redhat.com/security/cve/CVE-2018-25012\nhttps://access.redhat.com/security/cve/CVE-2018-25013\nhttps://access.redhat.com/security/cve/CVE-2018-25014\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-19131\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-28493\nhttps://access.redhat.com/security/cve/CVE-2020-35492\nhttps://access.redhat.com/security/cve/CVE-2020-36330\nhttps://access.redhat.com/security/cve/CVE-2020-36331\nhttps://access.redhat.com/security/cve/CVE-2020-36332\nhttps://access.redhat.com/security/cve/CVE-2021-3481\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3672\nhttps://access.redhat.com/security/cve/CVE-2021-3695\nhttps://access.redhat.com/security/cve/CVE-2021-3696\nhttps://access.redhat.com/security/cve/CVE-2021-3697\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4115\nhttps://access.redhat.com/security/cve/CVE-2021-4156\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20095\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-23566\nhttps://access.redhat.com/security/cve/CVE-2021-23648\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38185\nhttps://access.redhat.com/security/cve/CVE-2021-38593\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-41617\nhttps://access.redhat.com/security/cve/CVE-2021-42771\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-43818\nhttps://access.redhat.com/security/cve/CVE-2021-44225\nhttps://access.redhat.com/security/cve/CVE-2021-44906\nhttps://access.redhat.com/security/cve/CVE-2022-0235\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1012\nhttps://access.redhat.com/security/cve/CVE-2022-1215\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1706\nhttps://access.redhat.com/security/cve/CVE-2022-1729\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24903\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-26691\nhttps://access.redhat.com/security/cve/CVE-2022-26945\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-28733\nhttps://access.redhat.com/security/cve/CVE-2022-28734\nhttps://access.redhat.com/security/cve/CVE-2022-28735\nhttps://access.redhat.com/security/cve/CVE-2022-28736\nhttps://access.redhat.com/security/cve/CVE-2022-28737\nhttps://access.redhat.com/security/cve/CVE-2022-29162\nhttps://access.redhat.com/security/cve/CVE-2022-29810\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-30321\nhttps://access.redhat.com/security/cve/CVE-2022-30322\nhttps://access.redhat.com/security/cve/CVE-2022-30323\nhttps://access.redhat.com/security/cve/CVE-2022-32250\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYvOfk9zjgjWX9erEAQhJ/w//UlbBGKBBFBAyfEmQf9Zu0yyv6MfZW0Zl\niO1qXVIl9UQUFjTY5ejerx7cP8EBWLhKaiiqRRjbjtj+w+ENGB4LLj6TEUrSM5oA\nYEmhnX3M+GUKF7Px61J7rZfltIOGhYBvJ+qNZL2jvqz1NciVgI4/71cZWnvDbGpa\n02w3Dn0JzhTSR9znNs9LKcV/anttJ3NtOYhqMXnN8EpKdtzQkKRazc7xkOTxfxyl\njRiER2Z0TzKDE6dMoVijS2Sv5j/JF0LRwetkZl6+oh8ehKh5GRV3lPg3eVkhzDEo\n/gp0P9GdLMHi6cS6uqcREbod//waSAa7cssgULoycFwjzbDK3L2c+wMuWQIgXJca\nRYuP6wvrdGwiI1mgUi/226EzcZYeTeoKxnHkp7AsN9l96pJYafj0fnK1p9NM/8g3\njBE/W4K8jdDNVd5l1Z5O0Nyxk6g4P8MKMe10/w/HDXFPSgufiCYIGX4TKqb+ESIR\nSuYlSMjoGsB4mv1KMDEUJX6d8T05lpEwJT0RYNdZOouuObYMtcHLpRQHH9mkj86W\npHdma5aGG/mTMvSMW6l6L05uT41Azm6fVimTv+E5WvViBni2480CVH+9RexKKSyL\nXcJX1gaLdo+72I/gZrtT+XE5tcJ3Sf5fmfsenQeY4KFum/cwzbM6y7RGn47xlEWB\nxBWKPzRxz0Q=9r0B\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nPCRE is a Perl-compatible regular expression library. \n\nSecurity Fix(es):\n\n* pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed\nquantifier greater than 1 (CVE-2019-20838)\n\n* pcre: Integer overflow when parsing callout numeric arguments\n(CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments\n1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\npcre-8.42-6.el8.src.rpm\n\naarch64:\npcre-8.42-6.el8.aarch64.rpm\npcre-cpp-8.42-6.el8.aarch64.rpm\npcre-cpp-debuginfo-8.42-6.el8.aarch64.rpm\npcre-debuginfo-8.42-6.el8.aarch64.rpm\npcre-debugsource-8.42-6.el8.aarch64.rpm\npcre-devel-8.42-6.el8.aarch64.rpm\npcre-tools-debuginfo-8.42-6.el8.aarch64.rpm\npcre-utf16-8.42-6.el8.aarch64.rpm\npcre-utf16-debuginfo-8.42-6.el8.aarch64.rpm\npcre-utf32-8.42-6.el8.aarch64.rpm\npcre-utf32-debuginfo-8.42-6.el8.aarch64.rpm\n\nppc64le:\npcre-8.42-6.el8.ppc64le.rpm\npcre-cpp-8.42-6.el8.ppc64le.rpm\npcre-cpp-debuginfo-8.42-6.el8.ppc64le.rpm\npcre-debuginfo-8.42-6.el8.ppc64le.rpm\npcre-debugsource-8.42-6.el8.ppc64le.rpm\npcre-devel-8.42-6.el8.ppc64le.rpm\npcre-tools-debuginfo-8.42-6.el8.ppc64le.rpm\npcre-utf16-8.42-6.el8.ppc64le.rpm\npcre-utf16-debuginfo-8.42-6.el8.ppc64le.rpm\npcre-utf32-8.42-6.el8.ppc64le.rpm\npcre-utf32-debuginfo-8.42-6.el8.ppc64le.rpm\n\ns390x:\npcre-8.42-6.el8.s390x.rpm\npcre-cpp-8.42-6.el8.s390x.rpm\npcre-cpp-debuginfo-8.42-6.el8.s390x.rpm\npcre-debuginfo-8.42-6.el8.s390x.rpm\npcre-debugsource-8.42-6.el8.s390x.rpm\npcre-devel-8.42-6.el8.s390x.rpm\npcre-tools-debuginfo-8.42-6.el8.s390x.rpm\npcre-utf16-8.42-6.el8.s390x.rpm\npcre-utf16-debuginfo-8.42-6.el8.s390x.rpm\npcre-utf32-8.42-6.el8.s390x.rpm\npcre-utf32-debuginfo-8.42-6.el8.s390x.rpm\n\nx86_64:\npcre-8.42-6.el8.i686.rpm\npcre-8.42-6.el8.x86_64.rpm\npcre-cpp-8.42-6.el8.i686.rpm\npcre-cpp-8.42-6.el8.x86_64.rpm\npcre-cpp-debuginfo-8.42-6.el8.i686.rpm\npcre-cpp-debuginfo-8.42-6.el8.x86_64.rpm\npcre-debuginfo-8.42-6.el8.i686.rpm\npcre-debuginfo-8.42-6.el8.x86_64.rpm\npcre-debugsource-8.42-6.el8.i686.rpm\npcre-debugsource-8.42-6.el8.x86_64.rpm\npcre-devel-8.42-6.el8.i686.rpm\npcre-devel-8.42-6.el8.x86_64.rpm\npcre-tools-debuginfo-8.42-6.el8.i686.rpm\npcre-tools-debuginfo-8.42-6.el8.x86_64.rpm\npcre-utf16-8.42-6.el8.i686.rpm\npcre-utf16-8.42-6.el8.x86_64.rpm\npcre-utf16-debuginfo-8.42-6.el8.i686.rpm\npcre-utf16-debuginfo-8.42-6.el8.x86_64.rpm\npcre-utf32-8.42-6.el8.i686.rpm\npcre-utf32-8.42-6.el8.x86_64.rpm\npcre-utf32-debuginfo-8.42-6.el8.i686.rpm\npcre-utf32-debuginfo-8.42-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1997017 - unprivileged client fails to get guest agent data\n1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import\n2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if  vmio import is  removed\n2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion\n2007336 - 4.8.3 containers\n2007776 - Failed to Migrate Windows VM with CDROM  (readonly)\n2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues\n2026881 - [4.8.3] vlan-filtering is getting applied on veth ports\n\n5. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. The Port exposure method policy criteria now include route as an\nexposure method. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. The RHACS Jenkins plugin now provides additional security information. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. The default uid:gid pair for the Scanner image is now 65534:65534. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 10\npackages that are part of the JBoss Core Services offering. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          }
        ],
        "trust": 1.71
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-167005",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-14155",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "165135",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165096",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165862",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165631",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164927",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165129",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "164825",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161245",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168352",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166051",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167956",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166308",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165286",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "160545",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168392",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "166489",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "164967",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165002",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165758",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "167206",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "168036",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "165209",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3905",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4019",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.4082",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4060",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3935",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3977",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1071",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3781",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0394",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4172",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4059",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3821",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1677",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2265",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3864",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0716",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4254",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4229",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4601",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.1837",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0245",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0349",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0493",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.4568",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2722",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4060.2",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4095",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.2430",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3586",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "166789",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051846",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111102",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022042257",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051733",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "48066",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-53121",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165296",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164928",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165287",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165288",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166309",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-167005",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168042",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "id": "VAR-202006-0222",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:42:24.486000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "PCRE Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=122998"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20221028-0010/"
          },
          {
            "trust": 1.7,
            "url": "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht211931"
          },
          {
            "trust": 1.7,
            "url": "https://support.apple.com/kb/ht212147"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2020/dec/32"
          },
          {
            "trust": 1.7,
            "url": "http://seclists.org/fulldisclosure/2021/feb/14"
          },
          {
            "trust": 1.7,
            "url": "https://bugs.gentoo.org/717920"
          },
          {
            "trust": 1.7,
            "url": "https://www.pcre.org/original/changelog.txt"
          },
          {
            "trust": 1.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.7,
            "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0349/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165862/red-hat-security-advisory-2022-0434-05.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165631/red-hat-security-advisory-2022-0202-04.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0716"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-wmlce-libpcre-in-pcre-before-8-44-allows-an-integer-overflow/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.2430"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/pcre-integer-overflow-via-large-number-after-substring-36752"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168352/red-hat-security-advisory-2022-6429-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166489/red-hat-security-advisory-2022-1081-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164825/red-hat-security-advisory-2021-4373-04.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0394"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.4082"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165286/red-hat-security-advisory-2021-5128-06.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022042257"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4059"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160545/apple-security-advisory-2020-12-14-4.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166789/red-hat-security-advisory-2022-1396-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4095"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4172"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pcre-affects-ibm-sql-extensions-toolkit-for-nps/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167206/ubuntu-security-notice-usn-5425-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/167956/red-hat-security-advisory-2022-5840-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.1071"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4019"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2265/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2722/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/48066"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051846"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111102"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0493"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3935"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht212147"
          },
          {
            "trust": 0.6,
            "url": "https://support.apple.com/en-us/ht211931"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4229"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168392/red-hat-security-advisory-2022-6526-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3781"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3864"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/168036/red-hat-security-advisory-2022-5070-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/165758/red-hat-security-advisory-2022-0318-06.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3586"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/166308/red-hat-security-advisory-2022-0842-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/164967/red-hat-security-advisory-2021-4627-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051733"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-27645"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-33574"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-35942"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-20266"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3778"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3796"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-29923"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41617"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36331"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20095"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25014"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25009"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3481"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25010"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-42771"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25012"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36332"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-43527"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25013"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28493"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-20673"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39293"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28327"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0235"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-32250"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1586"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43818"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26945"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4189"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38593"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1629"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2097"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3634"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-19131"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3696"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24921"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38185"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23648"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-2068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4156"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:5069"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29162"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35492"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3672"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23772"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1621"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30321"
          },
          {
            "trust": 0.1,
            "url": "https://10.0.0.7:2379"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21698"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1292"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3697"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1706"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28734"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-40528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28737"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25219"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3695"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28735"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1215"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1729"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29810"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-4115"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-1012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23773"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24675"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30323"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0778"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4373"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27823"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3575"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30758"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14145"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30665"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30689"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30682"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-18032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1801"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1765"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1788"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30744"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21775"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20321"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1799"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21779"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29623"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3948"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27828"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1844"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1871"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30734"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26926"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28650"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1789"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30663"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30799"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0202"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27824"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43267"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20317"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4914"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28950"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23343"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4902"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3801"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26301"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28957"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13950"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26690"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17567"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35452"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26691"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26690"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30641"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30641"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17567"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13950"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35452"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38297"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "date": "2022-08-10T15:56:22",
            "db": "PACKETSTORM",
            "id": "168042"
          },
          {
            "date": "2021-11-10T17:02:34",
            "db": "PACKETSTORM",
            "id": "164825"
          },
          {
            "date": "2022-01-20T17:48:29",
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "date": "2021-12-03T16:41:45",
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "date": "2021-12-02T16:06:16",
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "date": "2021-11-29T18:12:32",
            "db": "PACKETSTORM",
            "id": "165096"
          },
          {
            "date": "2021-11-11T14:53:11",
            "db": "PACKETSTORM",
            "id": "164927"
          },
          {
            "date": "2022-02-04T17:26:39",
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "date": "2020-06-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "date": "2020-06-15T17:15:10.777000",
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-167005"
          },
          {
            "date": "2023-07-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          },
          {
            "date": "2024-11-21T05:02:45.440000",
            "db": "NVD",
            "id": "CVE-2020-14155"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PCRE Input validation error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202006-1036"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1789

    Vulnerability from variot - Updated: 2026-03-09 21:33

    When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got before the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. A STARTTLS protocol injection flaw via man-in-the-middle was found in curl prior to 7.79.0. Such multiple "pipelined" responses are cached by curl. Over POP3 and IMAP an attacker can inject fake response data. Relevant releases/architectures:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

    1. Description:

    .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

    Security Fix(es):

    • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

    • curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)

    • curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

    • curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Package List:

    .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Server (v. 7):

    Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm

    x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm

    .NET Core on Red Hat Enterprise Linux Workstation (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Description:

    Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images

    Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.

    Clusters and applications are all visible and managed from a single console — with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):

    2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================

    1. Summary:

    Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2022:0055

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

    Security Fix(es):

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
    • grafana: Snapshot authentication bypass (CVE-2021-39226)
    • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
    • nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
    • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
    • grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
    • grafana: directory traversal vulnerability (CVE-2021-43813)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64

    The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x

    The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le

    The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c

    All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

    1. Solution:

    For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - oc whoami --show-console should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the --max-icsp-size flag of oc adm catalog mirror 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch. labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi- symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report Upgradeable: false when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console Helm tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig --image= -- " 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin- 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user Create VM missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - oc adm prune deployments does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - oc adm prune deployments can prune the RC/RS 2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The default project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 2039359 - oc adm prune deployments can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use cp instead of cat when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc

    1. References:

    https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5079-1 September 15, 2021

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945)

    Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946)

    Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: curl 7.74.0-1ubuntu2.3 libcurl3-gnutls 7.74.0-1ubuntu2.3 libcurl3-nss 7.74.0-1ubuntu2.3 libcurl4 7.74.0-1ubuntu2.3

    Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.7 libcurl3-gnutls 7.68.0-1ubuntu2.7 libcurl3-nss 7.68.0-1ubuntu2.7 libcurl4 7.68.0-1ubuntu2.7

    Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.15 libcurl3-gnutls 7.58.0-2ubuntu3.15 libcurl3-nss 7.58.0-2ubuntu3.15 libcurl4 7.58.0-2ubuntu3.15

    In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):

    1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports

    1. Summary:

    The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):

    2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

    1. Description:

    Red Hat OpenShift Serverless release of the OpenShift Serverless Operator.

    Security Fix(es):

    • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

    1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2016256 - Release of OpenShift Serverless Eventing 1.19.0 2016258 - Release of OpenShift Serverless Serving 1.19.0

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core binding support function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.3"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core console",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core service communication proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.2.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "communications cloud native core security edge protection proxy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network slice selection function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.8.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.20.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.59"
          },
          {
            "_id": null,
            "model": "communications cloud native core binding support function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.11.0"
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "22.1.2"
          },
          {
            "_id": null,
            "model": "solidfire baseboard management controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.79.0"
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.35"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network repository function",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.15.1"
          },
          {
            "_id": null,
            "model": "commerce guided search",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "11.3.2"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "165209"
          },
          {
            "db": "PACKETSTORM",
            "id": "166279"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165053"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-22947",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-22947",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-381421",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "id": "CVE-2021-22947",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22947",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381421",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server. A STARTTLS protocol injection flaw via man-in-the-middle was found in curl prior to 7.79.0. Such multiple \"pipelined\" responses are cached by curl. \nOver POP3 and IMAP an attacker can inject fake response data. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID:       RHSA-2022:0056-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:0056\nIssue date:        2022-03-10\nCVE Names:         CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n                   CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n                   CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n                   CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n                   CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n                   CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n                   CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n                   CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n                   CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n                   CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n                   CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n                   CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n                   CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n                   CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n                   CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n                   CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n                   CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n                   CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n                   CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n                   CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n                   CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n                   CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n                   CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n                   CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n                   CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n                   CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n                   CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n                   CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n                   CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n                   CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n                   CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n                   CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n                   CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n                   CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n                   CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n                   CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n                   CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n                   CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for  additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027  is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027  is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\"  in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027  is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node,  lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi  after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal]  The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs -  fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log  of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI  OSP16 OVN  IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027  ENV  which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI  start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation]  add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws  bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset  for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer:  ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift  clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on  self._get_vip_port(loadbalancer).id   \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10]  sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs :  Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization  : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All,  data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack  (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure -  Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image  Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list  and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the  deleted EgressIP object got  InvalidEgressIP  warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD:  prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) -  no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server  makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN  Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain  olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking -  networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS  where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR  is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to  attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error  \"unable to pull manifest from example.com/busy.box:v5  invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5079-1\nSeptember 15, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nIt was discovered that curl incorrect handled memory when sending data to\nan MQTT server. A remote attacker could use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2021-22945)\n\nPatrick Monnerat discovered that curl incorrectly handled upgrades to TLS. (CVE-2021-22946)\n\nPatrick Monnerat discovered that curl incorrectly handled responses\nreceived before STARTTLS. A remote attacker could possibly use this issue\nto inject responses and intercept communications. (CVE-2021-22947)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  curl                            7.74.0-1ubuntu2.3\n  libcurl3-gnutls                 7.74.0-1ubuntu2.3\n  libcurl3-nss                    7.74.0-1ubuntu2.3\n  libcurl4                        7.74.0-1ubuntu2.3\n\nUbuntu 20.04 LTS:\n  curl                            7.68.0-1ubuntu2.7\n  libcurl3-gnutls                 7.68.0-1ubuntu2.7\n  libcurl3-nss                    7.68.0-1ubuntu2.7\n  libcurl4                        7.68.0-1ubuntu2.7\n\nUbuntu 18.04 LTS:\n  curl                            7.58.0-2ubuntu3.15\n  libcurl3-gnutls                 7.58.0-2ubuntu3.15\n  libcurl3-nss                    7.58.0-2ubuntu3.15\n  libcurl4                        7.58.0-2ubuntu3.15\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1997017 - unprivileged client fails to get guest agent data\n1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import\n2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if  vmio import is  removed\n2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion\n2007336 - 4.8.3 containers\n2007776 - Failed to Migrate Windows VM with CDROM  (readonly)\n2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues\n2026881 - [4.8.3] vlan-filtering is getting applied on veth ports\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Description:\n\nRed Hat OpenShift Serverless release of the OpenShift Serverless Operator. \n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n2016256 - Release of OpenShift Serverless Eventing 1.19.0\n2016258 - Release of OpenShift Serverless Serving 1.19.0\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22947"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "165209"
          },
          {
            "db": "PACKETSTORM",
            "id": "166279"
          },
          {
            "db": "PACKETSTORM",
            "id": "164171"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165053"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22947",
            "trust": 2.0
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.1
          },
          {
            "db": "HACKERONE",
            "id": "1334763",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165053",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165135",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165209",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165337",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164993",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164740",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166319",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164948",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166112",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381421",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22947",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165631",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166279",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164171",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22947"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "165209"
          },
          {
            "db": "PACKETSTORM",
            "id": "166279"
          },
          {
            "db": "PACKETSTORM",
            "id": "164171"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165053"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "id": "VAR-202109-1789",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:33:54.751000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22947 log"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-345",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-310",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht213183"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2022/mar/29"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.1,
            "url": "https://hackerone.com/reports/1334763"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 0.7,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.7,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-27645"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-33574"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-35942"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3778"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-20266"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3796"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-14145"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-20673"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-43527"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20271"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3948"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36385"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-43267"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-20317"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/apoak4x73ejtaptsvt7irvdmuwvxnwgd/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwlec6yvem2hwubx67sdgpsy4cqb72oe/"
          },
          {
            "trust": 0.1,
            "url": "http://seclists.org/oss-sec/2021/q3/168"
          },
          {
            "trust": 0.1,
            "url": "https://security.archlinux.org/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27823"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35524"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3575"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30758"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41617"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30665"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30689"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30682"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-18032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1801"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1765"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20847"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27918"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36331"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-5785"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1788"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30744"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21775"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36241"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20321"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27842"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36332"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21779"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29623"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27828"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1844"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3481"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25009"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1871"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-25010"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29338"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30734"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-26926"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28650"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24870"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-1789"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30663"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30799"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3272"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0202"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27824"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22924"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1354"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:5038"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3795"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23440"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9802"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30762"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9895"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44716"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3450"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3899"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8819"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3867"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9893"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8808"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3902"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25215"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3900"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30761"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3537"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9805"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8820"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8769"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9850"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27781"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8811"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0055"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9803"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3885"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-41190"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10018"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25660"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8764"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8844"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3865"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-1730"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3864"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19906"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14391"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0056"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3901"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-39226"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8823"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3518"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3895"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-44717"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11793"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20454"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-0532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13627"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8771"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8814"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14889"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9952"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3517"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20305"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-21673"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3868"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8846"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25677"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30666"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.15"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.7"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5079-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.3"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-29923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4914"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-28950"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3757"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3620"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36221"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381421"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22947"
          },
          {
            "db": "PACKETSTORM",
            "id": "165631"
          },
          {
            "db": "PACKETSTORM",
            "id": "166714"
          },
          {
            "db": "PACKETSTORM",
            "id": "165209"
          },
          {
            "db": "PACKETSTORM",
            "id": "166279"
          },
          {
            "db": "PACKETSTORM",
            "id": "164171"
          },
          {
            "db": "PACKETSTORM",
            "id": "165135"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165053"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22947"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381421",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-22947",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165631",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165209",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166279",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164171",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165135",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165053",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22947",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-09-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381421",
            "ident": null
          },
          {
            "date": "2022-01-20T17:48:29",
            "db": "PACKETSTORM",
            "id": "165631",
            "ident": null
          },
          {
            "date": "2022-04-13T22:20:44",
            "db": "PACKETSTORM",
            "id": "166714",
            "ident": null
          },
          {
            "date": "2021-12-09T14:50:37",
            "db": "PACKETSTORM",
            "id": "165209",
            "ident": null
          },
          {
            "date": "2022-03-11T16:38:38",
            "db": "PACKETSTORM",
            "id": "166279",
            "ident": null
          },
          {
            "date": "2021-09-15T15:27:42",
            "db": "PACKETSTORM",
            "id": "164171",
            "ident": null
          },
          {
            "date": "2021-12-03T16:41:45",
            "db": "PACKETSTORM",
            "id": "165135",
            "ident": null
          },
          {
            "date": "2021-11-30T14:44:48",
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "date": "2021-11-23T17:10:05",
            "db": "PACKETSTORM",
            "id": "165053",
            "ident": null
          },
          {
            "date": "2021-09-29T20:15:08.253000",
            "db": "NVD",
            "id": "CVE-2021-22947",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381421",
            "ident": null
          },
          {
            "date": "2024-03-27T15:03:30.377000",
            "db": "NVD",
            "id": "CVE-2021-22947",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164171"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "_id": null,
        "data": "Red Hat Security Advisory 2022-0202-04",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165631"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "bypass",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165209"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-202109-1803

    Vulnerability from variot - Updated: 2026-03-09 21:32

    ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: httpd24-httpd security and bug fix update Advisory ID: RHSA-2022:6753-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753 Issue date: 2022-09-29 CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 =====================================================================

    1. Summary:

    An update for httpd24-httpd is now available for Red Hat Software Collections.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

    Security Fix(es):

    • httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

    • httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)

    • httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)

    • httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)

    • httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    • httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)

    • httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)

    • httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)

    • httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

    • httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

    • httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

    • httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)

    • httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

    • httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

    • httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    • proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)

    Additional changes:

    • To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.

    On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.

    If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:

    LimitRequestBody 2147483648

    Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

    1. Package List:

    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

    Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

    ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm

    s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm

    x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

    Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm

    noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm

    x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8 qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm 965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+ KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9 rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau 3VmN11LnfT4= =pvMD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

    For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.

    For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.

    We recommend that you upgrade your apache2 packages.

    For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20


                                           https://security.gentoo.org/
    

    Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20


    Synopsis

    Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTPD users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"

    All Apache HTTPD tools users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"

    References

    [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202208-20

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021

    apache2 regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 21.04
    • Ubuntu 20.04 LTS
    • Ubuntu 18.04 LTS

    Summary:

    USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.

    Original advisory details:

    James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3

    Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6

    Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": null,
            "trust": 1.6,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.1"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.3"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "instantis enterprisetrack",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "17.2"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "35"
          },
          {
            "_id": null,
            "model": "sinema server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "34"
          },
          {
            "_id": null,
            "model": "sinec nms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "*"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.4.49"
          },
          {
            "_id": null,
            "model": "zfs storage appliance kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.8"
          },
          {
            "_id": null,
            "model": "cosminexus http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "gnu/linux",
            "scope": null,
            "trust": 0.8,
            "vendor": "debian",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi web server - custom edition",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "hitachi web server",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": null,
            "trust": 0.8,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u7acb",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "apache",
            "version": "\u003c=2.4.48"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2021-39275",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-39275",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-03225",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-400791",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-39275",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-39275",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-39275",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-39275",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-03225",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-400791",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-39275",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: httpd24-httpd security and bug fix update\nAdvisory ID:       RHSA-2022:6753-01\nProduct:           Red Hat Software Collections\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:6753\nIssue date:        2022-09-29\nCVE Names:         CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 \n                   CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 \n                   CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 \n                   CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 \n                   CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN\nEY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8\nqZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg\nBdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m\nqeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm\nH8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ\nFYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm\n965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+\nKyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz\nqEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9\nrFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau\n3VmN11LnfT4=\n=pvMD\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Apache HTTPD: Multiple Vulnerabilities\n     Date: August 14, 2022\n     Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n       ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n      https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n      https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n      https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n      https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n      https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n      https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n      https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n      https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n      https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n      https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n      https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n      https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n  Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n  It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n  apache2                         2.4.46-4ubuntu1.3\n  apache2-bin                     2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n  apache2                         2.4.41-4ubuntu3.6\n  apache2-bin                     2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n  apache2                         2.4.29-1ubuntu4.18\n  apache2-bin                     2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-39275",
            "trust": 4.2
          },
          {
            "db": "SIEMENS",
            "id": "SSA-685781",
            "trust": 1.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-259-04",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166321",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165587",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791",
            "trust": 0.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-167-06",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          }
        ]
      },
      "id": "VAR-202109-1803",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          }
        ],
        "trust": 1.2207219
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          }
        ]
      },
      "last_update_date": "2026-03-09T21:32:47.310000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "hitachi-sec-2022-111",
            "trust": 0.8,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "title": "Patch for Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/313446"
          },
          {
            "title": "Red Hat: Moderate: httpd:2.4 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
          },
          {
            "title": "Red Hat: CVE-2021-39275",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-39275"
          },
          {
            "title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-39275 log"
          },
          {
            "title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-111"
          },
          {
            "title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
          },
          {
            "title": "Brocade Security Advisories: CVE-2021-39275. ap_escape_quotes buffer overflow",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8a2abdf2d185adc365552c461d65931f"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2021-1543",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1716",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
          },
          {
            "title": "PROJET TUTEURE",
            "trust": 0.1,
            "url": "https://github.com/PierreChrd/py-projet-tut "
          },
          {
            "title": "Tier 0\nTier 1\nTier 2",
            "trust": 0.1,
            "url": "https://github.com/Totes5706/TotesHTB "
          },
          {
            "title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
            "trust": 0.1,
            "url": "https://github.com/kasem545/vulnsearch "
          },
          {
            "title": "Skynet",
            "trust": 0.1,
            "url": "https://github.com/bioly230/THM_Skynet "
          },
          {
            "title": "Shodan Search Script",
            "trust": 0.1,
            "url": "https://github.com/firatesatoglu/shodanSearch "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
          },
          {
            "trust": 1.3,
            "url": "https://security.gentoo.org/glsa/202208-20"
          },
          {
            "trust": 1.2,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
          },
          {
            "trust": 1.2,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
          },
          {
            "trust": 1.2,
            "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
          },
          {
            "trust": 1.2,
            "url": "https://www.debian.org/security/2021/dsa-4982"
          },
          {
            "trust": 1.2,
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "trust": 1.2,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.2,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.2,
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-04"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-39275"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-36160"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-44224"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-33193"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
          },
          {
            "trust": 0.3,
            "url": "https://ubuntu.com/security/notices/usn-5090-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25313"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-45960"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-41524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23990"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25315"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25314"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22823"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25236"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-25235"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-23852"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2022-22825"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-46143"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0891"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/totes5706/toteshtb"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/6975397"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30556"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22719"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28614"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:6753"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34798"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-28615"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-30522"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-22721"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-29404"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23943"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-26377"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/apache2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7143"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:7144"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://ubuntu.com/security/notices/usn-5090-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1945311"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225"
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275"
          },
          {
            "db": "PACKETSTORM",
            "id": "168565"
          },
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "169541"
          },
          {
            "db": "PACKETSTORM",
            "id": "169540"
          },
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-03225",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-400791",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-39275",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-39275",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03225",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-400791",
            "ident": null
          },
          {
            "date": "2021-09-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-39275",
            "ident": null
          },
          {
            "date": "2022-09-30T14:51:18",
            "db": "PACKETSTORM",
            "id": "168565",
            "ident": null
          },
          {
            "date": "2021-10-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "169132",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:26",
            "db": "PACKETSTORM",
            "id": "169541",
            "ident": null
          },
          {
            "date": "2022-10-27T13:05:19",
            "db": "PACKETSTORM",
            "id": "169540",
            "ident": null
          },
          {
            "date": "2022-08-15T16:02:48",
            "db": "PACKETSTORM",
            "id": "168072",
            "ident": null
          },
          {
            "date": "2021-09-28T15:13:59",
            "db": "PACKETSTORM",
            "id": "164307",
            "ident": null
          },
          {
            "date": "2021-09-28T15:06:35",
            "db": "PACKETSTORM",
            "id": "164305",
            "ident": null
          },
          {
            "date": "2021-09-28T15:23:06",
            "db": "PACKETSTORM",
            "id": "164318",
            "ident": null
          },
          {
            "date": "2022-03-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-008414",
            "ident": null
          },
          {
            "date": "2021-09-16T15:15:07.580000",
            "db": "NVD",
            "id": "CVE-2021-39275",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-01-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-03225",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-400791",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-39275",
            "ident": null
          },
          {
            "date": "2025-09-22T01:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-008414",
            "ident": null
          },
          {
            "date": "2025-05-01T15:39:40.260000",
            "db": "NVD",
            "id": "CVE-2021-39275",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168072"
          },
          {
            "db": "PACKETSTORM",
            "id": "164307"
          },
          {
            "db": "PACKETSTORM",
            "id": "164305"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 0.4
      },
      "title": {
        "_id": null,
        "data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0ap_escape_quotes()\u00a0 Buffer over-end vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-008414"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "arbitrary",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169132"
          },
          {
            "db": "PACKETSTORM",
            "id": "164318"
          }
        ],
        "trust": 0.2
      }
    }

    VAR-201507-0037

    Vulnerability from variot - Updated: 2026-03-09 21:23

    named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service.

    For the oldstable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.

    For the stable distribution (jessie), this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u2.

    We recommend that you upgrade your bind9 packages. This issue was addressed by updating BIND to version 9.9.7-P2. CVE-ID CVE-2015-5477

    OS X Server v4.1.5 may be obtained from the Mac App Store. Relevant releases/architectures:

    RHEL Desktop Workstation (v. 5 client):

    Source: bind-9.3.6-25.P1.el5_11.3.src.rpm

    i386: bind-9.3.6-25.P1.el5_11.3.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm bind-sdb-9.3.6-25.P1.el5_11.3.i386.rpm bind-utils-9.3.6-25.P1.el5_11.3.i386.rpm

    x86_64: bind-9.3.6-25.P1.el5_11.3.x86_64.rpm bind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm bind-debuginfo-9.3.6-25.P1.el5_11.3.x86_64.rpm bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm bind-libs-9.3.6-25.P1.el5_11.3.x86_64.rpm bind-sdb-9.3.6-25.P1.el5_11.3.x86_64.rpm bind-utils-9.3.6-25.P1.el5_11.3.x86_64.rpm

    RHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: bind security update Advisory ID: RHSA-2016:0079-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0079.html Issue date: 2016-01-28 CVE Names: CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 =====================================================================

    1. Summary:

    Updated bind packages that fix three security issues are now available for Red Hat Enterprise Linux 6.6 Extended Update Support.

    Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64

    1. Description:

    The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

    A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)

    A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722)

    A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. (CVE-2015-8000)

    Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.

    Red Hat would like to thank ISC for reporting the CVE-2015-5477, CVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan Foote as the original reporter of CVE-2015-5477, and Hanno Böck as the original reporter of CVE-2015-5722.

    All bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    For details on how to apply this update, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service 1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service 1291176 - CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c

    1. Package List:

    Red Hat Enterprise Linux HPC Node EUS (v. 6.6):

    Source: bind-9.8.2-0.30.rc1.el6_6.4.src.rpm

    x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):

    x86_64: bind-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm

    Red Hat Enterprise Linux Server EUS (v. 6.6):

    Source: bind-9.8.2-0.30.rc1.el6_6.4.src.rpm

    i386: bind-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-utils-9.8.2-0.30.rc1.el6_6.4.i686.rpm

    ppc64: bind-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.ppc.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm

    s390x: bind-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.s390.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-utils-9.8.2-0.30.rc1.el6_6.4.s390x.rpm

    x86_64: bind-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm

    Red Hat Enterprise Linux Server Optional EUS (v. 6.6):

    i386: bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.4.i686.rpm

    ppc64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.ppc.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm

    s390x: bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.s390.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.s390x.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.4.s390x.rpm

    x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2015-5477 https://access.redhat.com/security/cve/CVE-2015-5722 https://access.redhat.com/security/cve/CVE-2015-8000 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01272 https://kb.isc.org/article/AA-01287 https://kb.isc.org/article/AA-01317

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFWqh1xXlSAg2UNWIIRAp7CAJ9w8AmBLVorEliRxhkdVPJGa2ylCgCgvfMl uToGAGXXJzZZlOm00ysafoo= =G0Vs -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.

    Release Date: 2015-09-08 Last Updated: 2015-09-08

    Potential Security Impact: Remote denial of service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY A potential security vulnerability has been identified with TCP/IP Services for OpenVMS running BIND. The vulnerability could be remotely exploited to cause a Denial of Service (DoS).

    References:

    CVE-2015-5477 SSRT102242

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. TCP/IP Services for OpenVMS V5.7 ECO5 running BIND

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following patch kits available to resolve the vulnerabilities with TCP/IP Services for OpenVMS running BIND.

    Platform Patch Kit Name

    Alpha OpenVMS V8.4 QXCM1001434254_4652022589_2015-08-28.BCK

    ITANIUM OpenVMS V8.4 QXCM1001434254_4652022589_2015-08-28.BCK

    NOTE: Please contact OpenVMS Technical Support to request these patch kits.

    HISTORY Version:1 (rev.1) - 8 September 2015 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz: Upgraded. This update fixes a security issue where an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries. Operators should take steps to upgrade to a patched version as soon as possible. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P2-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P2-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P2-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P2-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P3-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P3-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: 6a7f7bbc83fd3d189d1e43f672deb33d bind-9.9.7_P2-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 3b8306bfbec7ff968762ab5c38e7d419 bind-9.9.7_P2-x86_64-1_slack13.0.txz

    Slackware 13.1 package: cfb8dfe797158a769697c261f2e5114c bind-9.9.7_P2-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: 417b3bb461e5fd5aae6b671fd584a1ae bind-9.9.7_P2-x86_64-1_slack13.1.txz

    Slackware 13.37 package: df46b76823c598beb2d0f47f2b6a9813 bind-9.9.7_P2-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: b17f5230240b9a0738e2066897b09a40 bind-9.9.7_P2-x86_64-1_slack13.37.txz

    Slackware 14.0 package: c9f9074c811f470009e6dda97dc5ff68 bind-9.9.7_P2-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: 578d63e26fee2783502f0828dc3d491c bind-9.9.7_P2-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 9e27701833bd20df42e25418ffa8fdca bind-9.9.7_P2-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 4b9c8c11a38c28ca2f12e8f97e3763c6 bind-9.9.7_P2-x86_64-1_slack14.1.txz

    Slackware -current package: c47d83f7a7b31902e802df3b72d1e902 n/bind-9.10.2_P3-i586-1.txz

    Slackware x86_64 -current package: c95fcfd95ed0261a2dedee90432f34c7 n/bind-9.10.2_P3-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg bind-9.9.7_P2-i486-1_slack14.1.txz

    Then, restart the name server:

    /etc/rc.d/rc.bind restart

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "bind",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "isc",
            "version": "9.9.7"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "isc",
            "version": "9.10.2"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d20",
            "scope": null,
            "trust": 0.6,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "isc",
            "version": "9.9.7"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "isc",
            "version": "9.10.2"
          },
          {
            "_id": null,
            "model": "8.4-release-p12",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31.06",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d33",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "i v4r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "hp-ux c.9.7.3.8.0",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "i v5r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "junos 14.1r3",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3r8",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "junos 12.3r5",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "i v5r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "i v5r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d35",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind b3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d51",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "i v5r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.0"
          },
          {
            "_id": null,
            "model": "bind b4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "i v4r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d16",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip edge gateway 11.1.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4.3"
          },
          {
            "_id": null,
            "model": "big-ip asm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "bind rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netapp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "i v5r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d34",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.6"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos 14.2r5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip apm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "_id": null,
            "model": "junos 14.1r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "bind 9.5.2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p10",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x47-d10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "i v4r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "opensuse evergreen",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d50",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip psm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "junos 14.1r4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.6"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d30",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3x48-d15",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos os 12.1x47-d30",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "junos 12.3r12",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.5.0a7",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.6.0-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3r4.6",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "junos 12.3r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos d30",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "vcx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.8.17"
          },
          {
            "_id": null,
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "junos 15.1r2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "bind 9.5.0a6",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "8.4-release-p19",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.3"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway 10.2.3-hf1",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.2r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.5"
          },
          {
            "_id": null,
            "model": "smartcloud provisioning for software virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "junos 14.1r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos 15.2r1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d39",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "i v5r3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "bind p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.5.1"
          },
          {
            "_id": null,
            "model": "junos d15",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "junos 13.2r5",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "junos os 15.1x49-d30",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "8.4-release-p8",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "junos 12.3r2-s3",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.6"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.4"
          },
          {
            "_id": null,
            "model": "bind 9.4.2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 15.1x53-d20",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d26",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d55",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos d40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d30.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "i v3r7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "i v4r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "junos 15.1r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "8.4-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "junos d20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind 9.4.3-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway 11.0.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "big-iq device",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "junos 15.1x49-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "9.3-release-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "i v4r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "i v4r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind -p2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "big-ip psm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x4.1.5"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "_id": null,
            "model": "junos 12.3x50-d50",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.5.0a3",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "junos 14.1r6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "9.3-release-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq cloud hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "junos 12.1x47-d25",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p23",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1.0"
          },
          {
            "_id": null,
            "model": "8.4-release-p24",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "bind 9.5.0b2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.8.0"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d25",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "junos 15.1r3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "_id": null,
            "model": "junos 13.2r3",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind 9.6.1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind p2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.7.0"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p14",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "big-ip wom hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics 11.0.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "i v5r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "bind 9.5.1b1",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31.08",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.7.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d26",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "junos 14.2r2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "i v5r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d45",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "_id": null,
            "model": "junos d10",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d35",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "i v5r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "bind p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.7.1"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d25",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.5.0-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip psm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "i v5r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "i v4r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d45",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "junos 12.1x47-d11",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "junos 13.3r8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "junos 12.3r7",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "9.3-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d25",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1.0"
          },
          {
            "_id": null,
            "model": "junos 13.2r6",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway 11.1.0-hf3",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d40",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.7.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "i v5r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "bind 9.5.0b1",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0.1"
          },
          {
            "_id": null,
            "model": "junos d25",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "junos 12.1x47-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.1r7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3r3.4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d20.3",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.5.0a5",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "i v5r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos d35",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "i v4r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "8.4-release-p20",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos os 12.3x50-d42",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "7"
          },
          {
            "_id": null,
            "model": "bind 9.7.1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31.09",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d40",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d30",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind rc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.5.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d30",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2r4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq adc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p16",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip gtm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "lotus protector for mail security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.80"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "big-ip link controller 11.1.0-hf3",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp4 ltss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "bind 9.4.3b2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 15.1f3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "lotus protector for mail security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.8.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p15",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.7.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "i v5r1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "junos 13.2r9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d20.5",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "junos 12.3x48-d10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p4",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "i v3r7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.10.5"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d40",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "junos 12.3r11",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "5"
          },
          {
            "_id": null,
            "model": "bind 9.4.3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2r1",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.4"
          },
          {
            "_id": null,
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "bind 9.3.5-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "i v3r7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "bind 9.4.3-p4",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip link controller 11.1.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "i v4r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "bind p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4.3"
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d36",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p17",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 15.1x49-d10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d24",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "northstar controller application service pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2.1.01"
          },
          {
            "_id": null,
            "model": "i v4r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "junos 15.1f2-s2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "tcp/ip services for openvms bind eco5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.7"
          },
          {
            "_id": null,
            "model": "junos 14.1r5",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d18",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1.0"
          },
          {
            "_id": null,
            "model": "i v4r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "junos 12.3r4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "junos 12.3r9",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind 9.6.1-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "junos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "12.1x44"
          },
          {
            "_id": null,
            "model": "bind 9.5.0a4",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d26",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d35.5",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "9.3-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "8.4-release-p7",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "9.3-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "junos 12.3r10.2",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "bind 9.5.2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "isc",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3x48-d20",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-iq security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "vcx",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.8.18"
          },
          {
            "_id": null,
            "model": "bind -p2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "junos 13.2r7",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.3r1.8",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d15",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d36",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d25",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 14.2r4",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "northstar controller application",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2.1.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "junos 14.2r3",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "_id": null,
            "model": "big-ip pem hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "junos 14.1x53-d12",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "junos 12.1x46-d15",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x47-d15",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d32",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "junos 13.2x51-d30",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7"
          },
          {
            "_id": null,
            "model": "junos 13.2r8",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-iq cloud",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.6.0"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "vm server for",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "x863.2"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "8.4-release-p27",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "junos 12.3r10",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "i v4r4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "15.04"
          },
          {
            "_id": null,
            "model": "junos 12.1x44-d15",
            "scope": null,
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "76092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Jonathan Foote",
        "sources": [
          {
            "db": "BID",
            "id": "76092"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-5477",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-5477",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-5477",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-807",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-5477",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2. \n\nWe recommend that you upgrade your bind9 packages. This issue was addressed by updating BIND to version\n9.9.7-P2. \nCVE-ID\nCVE-2015-5477\n\n\nOS X Server v4.1.5 may be obtained from the Mac App Store. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nbind-9.3.6-25.P1.el5_11.3.src.rpm\n\ni386:\nbind-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-libs-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-sdb-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-utils-9.3.6-25.P1.el5_11.3.i386.rpm\n\nx86_64:\nbind-9.3.6-25.P1.el5_11.3.x86_64.rpm\nbind-debuginfo-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-debuginfo-9.3.6-25.P1.el5_11.3.x86_64.rpm\nbind-libs-9.3.6-25.P1.el5_11.3.i386.rpm\nbind-libs-9.3.6-25.P1.el5_11.3.x86_64.rpm\nbind-sdb-9.3.6-25.P1.el5_11.3.x86_64.rpm\nbind-utils-9.3.6-25.P1.el5_11.3.x86_64.rpm\n\nRHEL Desktop Workstation (v. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: bind security update\nAdvisory ID:       RHSA-2016:0079-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0079.html\nIssue date:        2016-01-28\nCVE Names:         CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 \n=====================================================================\n\n1. Summary:\n\nUpdated bind packages that fix three security issues are now available for\nRed Hat Enterprise Linux 6.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet. \n(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed\nDNSSEC keys. A remote attacker could use this flaw to send a specially\ncrafted DNS query (for example, a query requiring a response from a zone\ncontaining a deliberately malformed key) that would cause named functioning\nas a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use this\nflaw to send a query to request a cached record with a malformed class\nattribute that would cause named functioning as an authoritative or\nrecursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they perform\nauthentication when making recursive queries to resolve addresses for\nservers listed in NS RRSETs. \n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan\nFoote as the original reporter of CVE-2015-5477, and Hanno B\u00f6ck as the\noriginal reporter of CVE-2015-5722. \n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service\n1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service\n1291176 - CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.4.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.4.src.rpm\n\ni386:\nbind-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.4.i686.rpm\n\nppc64:\nbind-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.ppc.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.s390.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6):\n\ni386:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.4.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.ppc.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.4.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.s390.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.4.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5477\nhttps://access.redhat.com/security/cve/CVE-2015-5722\nhttps://access.redhat.com/security/cve/CVE-2015-8000\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://kb.isc.org/article/AA-01272\nhttps://kb.isc.org/article/AA-01287\nhttps://kb.isc.org/article/AA-01317\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWqh1xXlSAg2UNWIIRAp7CAJ9w8AmBLVorEliRxhkdVPJGa2ylCgCgvfMl\nuToGAGXXJzZZlOm00ysafoo=\n=G0Vs\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\nRelease Date: 2015-09-08\nLast Updated: 2015-09-08\n\nPotential Security Impact: Remote denial of service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with TCP/IP Services\nfor OpenVMS running BIND. The vulnerability could be remotely exploited to\ncause a Denial of Service (DoS). \n\nReferences:\n\nCVE-2015-5477\nSSRT102242\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nTCP/IP Services for OpenVMS V5.7 ECO5 running BIND\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-5477    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following patch kits available to resolve the vulnerabilities\nwith TCP/IP Services for OpenVMS running BIND. \n\n  Platform\n    Patch Kit Name\n\n  Alpha OpenVMS V8.4\n    QXCM1001434254_4652022589_2015-08-28.BCK\n\n  ITANIUM OpenVMS V8.4\n    QXCM1001434254_4652022589_2015-08-28.BCK\n\n  NOTE: Please contact OpenVMS Technical Support to request these patch kits. \n\nHISTORY\nVersion:1 (rev.1) - 8 September 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes a security issue where an error in the handling of TKEY\n  queries can be exploited by an attacker for use as a denial-of-service\n  vector, as a constructed packet can use the defect to trigger a REQUIRE\n  assertion failure, causing BIND to exit. \n  Additionally, exposure is not prevented by either ACLs or configuration\n  options limiting or denying service because the exploitable code occurs\n  early in the packet handling, before checks enforcing those boundaries. \n  Operators should take steps to upgrade to a patched version as soon as\n  possible. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477\n    https://kb.isc.org/article/AA-01272\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P3-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P3-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n6a7f7bbc83fd3d189d1e43f672deb33d  bind-9.9.7_P2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n3b8306bfbec7ff968762ab5c38e7d419  bind-9.9.7_P2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ncfb8dfe797158a769697c261f2e5114c  bind-9.9.7_P2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n417b3bb461e5fd5aae6b671fd584a1ae  bind-9.9.7_P2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ndf46b76823c598beb2d0f47f2b6a9813  bind-9.9.7_P2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nb17f5230240b9a0738e2066897b09a40  bind-9.9.7_P2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nc9f9074c811f470009e6dda97dc5ff68  bind-9.9.7_P2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n578d63e26fee2783502f0828dc3d491c  bind-9.9.7_P2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9e27701833bd20df42e25418ffa8fdca  bind-9.9.7_P2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n4b9c8c11a38c28ca2f12e8f97e3763c6  bind-9.9.7_P2-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nc47d83f7a7b31902e802df3b72d1e902  n/bind-9.10.2_P3-i586-1.txz\n\nSlackware x86_64 -current package:\nc95fcfd95ed0261a2dedee90432f34c7  n/bind-9.10.2_P3-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg bind-9.9.7_P2-i486-1_slack14.1.txz\n\nThen, restart the name server:\n# /etc/rc.d/rc.bind restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          },
          {
            "db": "BID",
            "id": "76092"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          },
          {
            "db": "PACKETSTORM",
            "id": "132856"
          },
          {
            "db": "PACKETSTORM",
            "id": "132888"
          },
          {
            "db": "PACKETSTORM",
            "id": "133081"
          },
          {
            "db": "PACKETSTORM",
            "id": "132887"
          },
          {
            "db": "PACKETSTORM",
            "id": "135473"
          },
          {
            "db": "PACKETSTORM",
            "id": "133507"
          },
          {
            "db": "PACKETSTORM",
            "id": "132871"
          }
        ],
        "trust": 1.89
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37723",
            "trust": 0.2,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-5477",
            "trust": 2.7
          },
          {
            "db": "ISC",
            "id": "AA-01272",
            "trust": 1.9
          },
          {
            "db": "JUNIPER",
            "id": "JSA10718",
            "trust": 1.4
          },
          {
            "db": "JUNIPER",
            "id": "JSA10783",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "76092",
            "trust": 1.4
          },
          {
            "db": "EXPLOIT-DB",
            "id": "37721",
            "trust": 1.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "37723",
            "trust": 1.1
          },
          {
            "db": "ISC",
            "id": "AA-01305",
            "trust": 1.1
          },
          {
            "db": "ISC",
            "id": "AA-01306",
            "trust": 1.1
          },
          {
            "db": "ISC",
            "id": "AA-01307",
            "trust": 1.1
          },
          {
            "db": "ISC",
            "id": "AA-01438",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132926",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10126",
            "trust": 1.1
          },
          {
            "db": "SECTRACK",
            "id": "1033100",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-5477",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132856",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132888",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133081",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132887",
            "trust": 0.1
          },
          {
            "db": "ISC",
            "id": "AA-01317",
            "trust": 0.1
          },
          {
            "db": "ISC",
            "id": "AA-01287",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "135473",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "133507",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "132871",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          },
          {
            "db": "BID",
            "id": "76092"
          },
          {
            "db": "PACKETSTORM",
            "id": "132856"
          },
          {
            "db": "PACKETSTORM",
            "id": "132888"
          },
          {
            "db": "PACKETSTORM",
            "id": "133081"
          },
          {
            "db": "PACKETSTORM",
            "id": "132887"
          },
          {
            "db": "PACKETSTORM",
            "id": "135473"
          },
          {
            "db": "PACKETSTORM",
            "id": "133507"
          },
          {
            "db": "PACKETSTORM",
            "id": "132871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "id": "VAR-201507-0037",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.47248593428571434
      },
      "last_update_date": "2026-03-09T21:23:05.126000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=72aa555886f251baf2a0e394069c44d4"
          },
          {
            "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2848: A packet with malformed options can trigger an assertion failure",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dd4f6f8da1fe3001ac04ce05d33ac6e0"
          },
          {
            "title": "Debian Security Advisories: DSA-3319-1 bind9 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c8db294e6981a358dc6389c1d158b657"
          },
          {
            "title": "Ubuntu Security Notice: bind9 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2693-1"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-573",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-573"
          },
          {
            "title": "Red Hat: CVE-2015-5477",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-5477"
          },
          {
            "title": "Apple: OS X Server v4.1.5",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a9a4311d557110737edd921b56ef1a70"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
          },
          {
            "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
          },
          {
            "title": "vaas-cve-2015-5477",
            "trust": 0.1,
            "url": "https://github.com/hmlio/vaas-cve-2015-5477 "
          },
          {
            "title": "cve-2015-5477",
            "trust": 0.1,
            "url": "https://github.com/knqyf263/cve-2015-5477 "
          },
          {
            "title": "cve-2015-5477",
            "trust": 0.1,
            "url": "https://github.com/robertdavidgraham/cve-2015-5477 "
          },
          {
            "title": "ShareDoc_cve-2015-5477",
            "trust": 0.1,
            "url": "https://github.com/denmilu/ShareDoc_cve-2015-5477 "
          },
          {
            "title": "cve-2015-5477",
            "trust": 0.1,
            "url": "https://github.com/ilanyu/cve-2015-5477 "
          },
          {
            "title": "tkeypoc",
            "trust": 0.1,
            "url": "https://github.com/elceef/tkeypoc "
          },
          {
            "title": "ShareDoc",
            "trust": 0.1,
            "url": "https://github.com/JiounDai/ShareDoc "
          },
          {
            "title": "awesome-c",
            "trust": 0.1,
            "url": "https://github.com/honeyzhaoAliyun/awesome-c "
          },
          {
            "title": "awesome-c",
            "trust": 0.1,
            "url": "https://github.com/IMCG/awesome-c "
          },
          {
            "title": "CDL",
            "trust": 0.1,
            "url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
          },
          {
            "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
            "trust": 0.1,
            "url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
          },
          {
            "title": "afl-cve",
            "trust": 0.1,
            "url": "https://github.com/mrash/afl-cve "
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/08/04/bind_bug_exploits_now_in_the_wild/"
          },
          {
            "title": "The Register",
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2015/07/30/bind_remote_dos_vulnerability/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-19",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://kb.isc.org/article/aa-01272"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1513.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1515.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2015-1514.html"
          },
          {
            "trust": 1.2,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-0079.html"
          },
          {
            "trust": 1.2,
            "url": "https://www.exploit-db.com/exploits/37723/"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2015/dsa-3319"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-2693-1"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05095918"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144181171013996\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/76092"
          },
          {
            "trust": 1.1,
            "url": "http://rhn.redhat.com/errata/rhsa-2016-0078.html"
          },
          {
            "trust": 1.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10718"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952480"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"
          },
          {
            "trust": 1.1,
            "url": "https://kb.isc.org/article/aa-01306"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "trust": 1.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10126"
          },
          {
            "trust": 1.1,
            "url": "https://kb.isc.org/article/aa-01305"
          },
          {
            "trust": 1.1,
            "url": "https://kb.isc.org/article/aa-01307"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht205032"
          },
          {
            "trust": 1.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04789415"
          },
          {
            "trust": 1.1,
            "url": "http://www.securitytracker.com/id/1033100"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/132926/bind-tkey-query-denial-of-service.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163015.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163007.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163006.html"
          },
          {
            "trust": 1.1,
            "url": "https://kb.isc.org/article/aa-01438"
          },
          {
            "trust": 1.1,
            "url": "https://kb.juniper.net/jsa10783"
          },
          {
            "trust": 1.1,
            "url": "https://www.exploit-db.com/exploits/37721/"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20160114-0001/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5477"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2015-5477"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/oss-sec/2015/q3/233"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/products/bind/"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10718\u0026actp=rss"
          },
          {
            "trust": 0.3,
            "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "https://support.apple.com/en-ie/ht205032"
          },
          {
            "trust": 0.3,
            "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010056\u0026actp=rss"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/jul/135"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952480"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04789415"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04769567"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774040"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04800156"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21963712"
          },
          {
            "trust": 0.3,
            "url": "https://www.us-cert.gov/ncas/current-activity/2015/09/16/internet-systems-consortium-isc-releases-security-updates-bind"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020890"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966274"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964491"
          },
          {
            "trust": 0.3,
            "url": "https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16909.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/19.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/hmlio/vaas-cve-2015-5477"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40201"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2693-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.1,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.1,
            "url": "https://kb.isc.org/article/aa-01287"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-5722"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5722"
          },
          {
            "trust": 0.1,
            "url": "https://kb.isc.org/article/aa-01317"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-8000"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5477"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477"
          },
          {
            "db": "BID",
            "id": "76092"
          },
          {
            "db": "PACKETSTORM",
            "id": "132856"
          },
          {
            "db": "PACKETSTORM",
            "id": "132888"
          },
          {
            "db": "PACKETSTORM",
            "id": "133081"
          },
          {
            "db": "PACKETSTORM",
            "id": "132887"
          },
          {
            "db": "PACKETSTORM",
            "id": "135473"
          },
          {
            "db": "PACKETSTORM",
            "id": "133507"
          },
          {
            "db": "PACKETSTORM",
            "id": "132871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5477"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-5477",
            "ident": null
          },
          {
            "db": "BID",
            "id": "76092",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132856",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132888",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133081",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132887",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "135473",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "133507",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "132871",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-5477",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2015-07-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5477",
            "ident": null
          },
          {
            "date": "2015-07-28T00:00:00",
            "db": "BID",
            "id": "76092",
            "ident": null
          },
          {
            "date": "2015-07-29T00:57:15",
            "db": "PACKETSTORM",
            "id": "132856",
            "ident": null
          },
          {
            "date": "2015-08-03T01:12:35",
            "db": "PACKETSTORM",
            "id": "132888",
            "ident": null
          },
          {
            "date": "2015-08-13T22:20:48",
            "db": "PACKETSTORM",
            "id": "133081",
            "ident": null
          },
          {
            "date": "2015-08-03T01:12:27",
            "db": "PACKETSTORM",
            "id": "132887",
            "ident": null
          },
          {
            "date": "2016-01-28T17:19:00",
            "db": "PACKETSTORM",
            "id": "135473",
            "ident": null
          },
          {
            "date": "2015-09-09T15:44:17",
            "db": "PACKETSTORM",
            "id": "133507",
            "ident": null
          },
          {
            "date": "2015-07-28T23:33:00",
            "db": "PACKETSTORM",
            "id": "132871",
            "ident": null
          },
          {
            "date": "2015-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-807",
            "ident": null
          },
          {
            "date": "2015-07-29T14:59:05.397000",
            "db": "NVD",
            "id": "CVE-2015-5477",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-11-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-5477",
            "ident": null
          },
          {
            "date": "2017-04-18T01:05:00",
            "db": "BID",
            "id": "76092",
            "ident": null
          },
          {
            "date": "2015-07-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-807",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-5477",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "132856"
          },
          {
            "db": "PACKETSTORM",
            "id": "132888"
          },
          {
            "db": "PACKETSTORM",
            "id": "132887"
          },
          {
            "db": "PACKETSTORM",
            "id": "135473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "ISC BIND Denial of service vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-807"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "76092"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-202012-1277

    Vulnerability from variot - Updated: 2026-03-09 21:22

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq


    Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163

    Multiple vulnerabilities were discovered in cURL, an URL transfer library:

    CVE-2020-8169

    Marek Szlagor reported that libcurl could be tricked into prepending
    a part of the password to the host name before it resolves it,
    potentially leaking the partial password over the network and to the
    DNS server(s).
    

    CVE-2020-8177

    sn reported that curl could be tricked by a malicious server into
    overwriting a local file when using th -J (--remote-header-name) and
    -i (--include) options in the same command line.
    

    CVE-2020-8231

    Marc Aldorasi reported that libcurl might use the wrong connection
    when an application using libcurl's multi API sets the option
    CURLOPT_CONNECT_ONLY, which could lead to information leaks.
    

    CVE-2020-8285

    xnynx reported that libcurl could run out of stack space when using
    tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
    

    CVE-2020-8286

    It was reported that libcurl didn't verify that an OCSP response
    actually matches the certificate it is intended to.
    

    CVE-2021-22876

    Viktor Szakats reported that libcurl does not strip off user
    credentials from the URL when automatically populating the Referer
    HTTP request header field in outgoing HTTP requests.
    

    CVE-2021-22890

    Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
    libcurl could confuse session tickets arriving from the HTTPS proxy
    as if they arrived from the remote server instead. This could allow
    an HTTPS proxy to trick libcurl into using the wrong session ticket
    for the host and thereby circumvent the server TLS certificate check.
    

    For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    • curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)

    • httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)

    • libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)

    • curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)

    • curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)

    • curl: Inferior OCSP verification (CVE-2020-8286)

    • curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

    • curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):

    1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

    1. JIRA issues fixed (https://issues.jboss.org/):

    TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update Advisory ID: RHSA-2021:2121-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2121 Issue date: 2021-06-01 CVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 CVE-2021-25215 CVE-2021-30465 =====================================================================

    1. Summary:

    Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs.

    This release includes a security update for Red Hat OpenShift Container Platform 4.7.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:

    https://access.redhat.com/errata/RHSA-2021:2122

    Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    This update fixes the following bug among others:

    • Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)

    Security Fix(es):

    • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

    You may download the oc tool and use it to inspect release image metadata as follows:

    (For x86_64 architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64

    The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4

    (For s390x architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x

    The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd

    (For ppc64le architecture)

    $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le

    The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36

    All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

    1. Solution:

    For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing

    1. References:

    https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14344 https://access.redhat.com/security/cve/CVE-2020-14345 https://access.redhat.com/security/cve/CVE-2020-14346 https://access.redhat.com/security/cve/CVE-2020-14347 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-14360 https://access.redhat.com/security/cve/CVE-2020-14361 https://access.redhat.com/security/cve/CVE-2020-14362 https://access.redhat.com/security/cve/CVE-2020-14363 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-25712 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-21642 https://access.redhat.com/security/cve/CVE-2021-21643 https://access.redhat.com/security/cve/CVE-2021-21644 https://access.redhat.com/security/cve/CVE-2021-21645 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-30465 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM yj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6 TZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai Kkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir ZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx CGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ ++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5 3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL 5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z gMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV GpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL PEh85hYKLe4= =Xe05 -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020

    curl vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 ESM
    • Ubuntu 12.04 ESM

    Summary:

    Several security issues were fixed in curl.

    Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries

    Details:

    USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284)

    It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6

    Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29

    In general, a standard system update will make all the necessary changes.

    Security Fix(es):

    • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
    • golang: net: lookup functions may return invalid host names (CVE-2021-33195)
    • golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
    • golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
    • golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
    • golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
    • golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

    It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):

    1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0.1"
          },
          {
            "_id": null,
            "model": "essbase",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "21.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "communications billing and revenue management",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0.0.3.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15"
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.73.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.6"
          },
          {
            "_id": null,
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "hci storage node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "hci bootstrap os",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.14.0"
          },
          {
            "_id": null,
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3110"
          },
          {
            "_id": null,
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2410"
          },
          {
            "_id": null,
            "model": "communications cloud native core policy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.14.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2020-8284",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2020-8284",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-186409",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.2,
                "id": "CVE-2020-8284",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8284",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186409",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8284",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8284"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl\u0027s FTP PASV Responses. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1                   security@debian.org\nhttps://www.debian.org/security/                       Alessandro Ghedini\nMarch 30, 2021                        https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : curl\nCVE ID         : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n                 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug     : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n    Marek Szlagor reported that libcurl could be tricked into prepending\n    a part of the password to the host name before it resolves it,\n    potentially leaking the partial password over the network and to the\n    DNS server(s). \n\nCVE-2020-8177\n\n    sn reported that curl could be tricked by a malicious server into\n    overwriting a local file when using th -J (--remote-header-name) and\n    -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n    Marc Aldorasi reported that libcurl might use the wrong connection\n    when an application using libcurl\u0027s multi API sets the option\n    CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8285\n\n    xnynx reported that libcurl could run out of stack space when using\n    tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n    It was reported that libcurl didn\u0027t verify that an OCSP response\n    actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n    Viktor Szakats reported that libcurl does not strip off user\n    credentials from the URL when automatically populating the Referer\n    HTTP request header field in outgoing HTTP requests. \n\nCVE-2021-22890\n\n    Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n    libcurl could confuse session tickets arriving from the HTTPS proxy\n    as if they arrived from the remote server instead. This could allow\n    an HTTPS proxy to trick libcurl into using the wrong session ticket\n    for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 -  Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: OpenShift Container Platform 4.7.13 bug fix and security update\nAdvisory ID:       RHSA-2021:2121-01\nProduct:           Red Hat OpenShift Enterprise\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2121\nIssue date:        2021-06-01\nCVE Names:         CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 \n                   CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 \n                   CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 \n                   CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 \n                   CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 \n                   CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 \n                   CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 \n                   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 \n                   CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 \n                   CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 \n                   CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 \n                   CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 \n                   CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 \n                   CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 \n                   CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 \n                   CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 \n                   CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 \n                   CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 \n                   CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 \n                   CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 \n                   CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 \n                   CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 \n                   CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 \n                   CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 \n                   CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 \n                   CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 \n                   CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 \n                   CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 \n                   CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 \n                   CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 \n                   CVE-2021-25215 CVE-2021-30465 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.13 is now available with\nupdates to packages and images that fix several bugs. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\"  \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-18811\nhttps://access.redhat.com/security/cve/CVE-2019-19523\nhttps://access.redhat.com/security/cve/CVE-2019-19528\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2019-25032\nhttps://access.redhat.com/security/cve/CVE-2019-25034\nhttps://access.redhat.com/security/cve/CVE-2019-25035\nhttps://access.redhat.com/security/cve/CVE-2019-25036\nhttps://access.redhat.com/security/cve/CVE-2019-25037\nhttps://access.redhat.com/security/cve/CVE-2019-25038\nhttps://access.redhat.com/security/cve/CVE-2019-25039\nhttps://access.redhat.com/security/cve/CVE-2019-25040\nhttps://access.redhat.com/security/cve/CVE-2019-25041\nhttps://access.redhat.com/security/cve/CVE-2019-25042\nhttps://access.redhat.com/security/cve/CVE-2020-0431\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-11608\nhttps://access.redhat.com/security/cve/CVE-2020-12114\nhttps://access.redhat.com/security/cve/CVE-2020-12362\nhttps://access.redhat.com/security/cve/CVE-2020-12464\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-14314\nhttps://access.redhat.com/security/cve/CVE-2020-14344\nhttps://access.redhat.com/security/cve/CVE-2020-14345\nhttps://access.redhat.com/security/cve/CVE-2020-14346\nhttps://access.redhat.com/security/cve/CVE-2020-14347\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://access.redhat.com/security/cve/CVE-2020-14360\nhttps://access.redhat.com/security/cve/CVE-2020-14361\nhttps://access.redhat.com/security/cve/CVE-2020-14362\nhttps://access.redhat.com/security/cve/CVE-2020-14363\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15437\nhttps://access.redhat.com/security/cve/CVE-2020-15586\nhttps://access.redhat.com/security/cve/CVE-2020-16845\nhttps://access.redhat.com/security/cve/CVE-2020-24330\nhttps://access.redhat.com/security/cve/CVE-2020-24331\nhttps://access.redhat.com/security/cve/CVE-2020-24332\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25212\nhttps://access.redhat.com/security/cve/CVE-2020-25284\nhttps://access.redhat.com/security/cve/CVE-2020-25285\nhttps://access.redhat.com/security/cve/CVE-2020-25643\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25704\nhttps://access.redhat.com/security/cve/CVE-2020-25712\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-27786\nhttps://access.redhat.com/security/cve/CVE-2020-27835\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-28935\nhttps://access.redhat.com/security/cve/CVE-2020-28974\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-35508\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2020-36322\nhttps://access.redhat.com/security/cve/CVE-2021-0342\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-21642\nhttps://access.redhat.com/security/cve/CVE-2021-21643\nhttps://access.redhat.com/security/cve/CVE-2021-21644\nhttps://access.redhat.com/security/cve/CVE-2021-21645\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-30465\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM\nyj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6\nTZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai\nKkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir\nZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx\nCGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ\n++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5\n3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL\n5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z\ngMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV\nGpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL\nPEh85hYKLe4=\n=Xe05\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4665-2\nDecember 09, 2020\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nUSN-4665-1 fixed several vulnerabilities in curl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV\n responses. (CVE-2020-8284)\n\n It was discovered that curl incorrectly handled FTP wildcard matchins. A\n remote attacker could possibly use this issue to cause curl to consume\n resources and crash, resulting in a denial of service. (CVE-2020-8285)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  curl                            7.35.0-1ubuntu2.20+esm6\n  libcurl3                        7.35.0-1ubuntu2.20+esm6\n  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm6\n  libcurl3-nss                    7.35.0-1ubuntu2.20+esm6\n\nUbuntu 12.04 ESM:\n  curl                            7.22.0-3ubuntu4.29\n  libcurl3                        7.22.0-3ubuntu4.29\n  libcurl3-gnutls                 7.22.0-3ubuntu4.29\n  libcurl3-nss                    7.22.0-3ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes. \n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to\npanic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names\n(CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if\nfirst one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error\nif passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a\ncustom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a\nvery large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196\nhave been incorrectly mentioned as fixed in RHSA for Serverless client kn\n1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1983651 - Release of OpenShift Serverless Serving 1.17.0\n1983654 - Release of OpenShift Serverless Eventing 1.17.0\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8284"
          },
          {
            "db": "PACKETSTORM",
            "id": "169015"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8284",
            "trust": 2.0
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.1
          },
          {
            "db": "HACKERONE",
            "id": "1040166",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "160436",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "163197",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "163267",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "163276",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "163193",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "160706",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "163496",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "160423",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162629",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-186409",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8284",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "169015",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162877",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164192",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8284"
          },
          {
            "db": "PACKETSTORM",
            "id": "169015"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "id": "VAR-202012-1277",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T21:22:59.757000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8284: trusting FTP PASV responses",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0ffb05dc08c6c9f5251a5fb47d2c1b45"
          },
          {
            "title": "IBM: Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8dce374d73a7e6e542a5aecc279d3c25"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8284 log"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2021-1693",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1693"
          },
          {
            "title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "evilFTP",
            "trust": 0.1,
            "url": "https://github.com/vp777/evilFTP "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2021-40491 "
          },
          {
            "title": "surferFTP",
            "trust": 0.1,
            "url": "https://github.com/vp777/surferFTP "
          },
          {
            "title": "clair-client",
            "trust": 0.1,
            "url": "https://github.com/indece-official/clair-client "
          },
          {
            "title": "PIA-PC",
            "trust": 0.1,
            "url": "https://github.com/zanezhub/PIA-PC "
          },
          {
            "title": "myapp-container-jaxrs",
            "trust": 0.1,
            "url": "https://github.com/akiraabe/myapp-container-jaxrs "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212325"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212326"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212327"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2021/dsa-4881"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202012-14"
          },
          {
            "trust": 1.1,
            "url": "https://curl.se/docs/cve-2020-8284.html"
          },
          {
            "trust": 1.1,
            "url": "https://hackerone.com/reports/1040166"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-8286"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-8285"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-8284"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-25013"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-29361"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-2708"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-28196"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-15358"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-8927"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-29362"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-9169"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-29363"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-13434"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2016-10228"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-8231"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3326"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-27618"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-20305"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23336"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2017-14502"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-26116"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-27619"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-24977"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-3842"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-13776"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3177"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3449"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-3450"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22901"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-22890"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31618"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8169"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-27219"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/curl"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2471"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2472"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28500"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13949"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2543"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23337"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14347"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36322"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25712"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15586"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9951"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25704"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-36242"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25037"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9948"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28935"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25034"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-16845"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25035"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14363"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25038"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-13584"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-26137"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14360"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21645"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19528"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24330"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14314"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25042"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25659"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14356"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25041"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25036"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27786"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-25215"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25643"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9983"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24331"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24394"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0431"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-0342"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-30465"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14345"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14344"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21644"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-35508"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25212"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28974"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2121"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24332"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10543"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25039"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15437"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25284"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14346"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-25040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2122"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11608"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-21642"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4665-1"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4665-2"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3520"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33196"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33198"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-34558"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:3556"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3516"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33197"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3518"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3517"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3421"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20271"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3703"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3541"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186409"
          },
          {
            "db": "PACKETSTORM",
            "id": "169015"
          },
          {
            "db": "PACKETSTORM",
            "id": "163193"
          },
          {
            "db": "PACKETSTORM",
            "id": "163197"
          },
          {
            "db": "PACKETSTORM",
            "id": "163267"
          },
          {
            "db": "PACKETSTORM",
            "id": "163276"
          },
          {
            "db": "PACKETSTORM",
            "id": "162877"
          },
          {
            "db": "PACKETSTORM",
            "id": "160436"
          },
          {
            "db": "PACKETSTORM",
            "id": "164192"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8284"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-186409",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8284",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169015",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163193",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163197",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163267",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "163276",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162877",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "160436",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164192",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8284",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186409",
            "ident": null
          },
          {
            "date": "2020-12-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8284",
            "ident": null
          },
          {
            "date": "2021-03-28T19:12:00",
            "db": "PACKETSTORM",
            "id": "169015",
            "ident": null
          },
          {
            "date": "2021-06-17T18:01:23",
            "db": "PACKETSTORM",
            "id": "163193",
            "ident": null
          },
          {
            "date": "2021-06-17T18:09:26",
            "db": "PACKETSTORM",
            "id": "163197",
            "ident": null
          },
          {
            "date": "2021-06-23T16:08:25",
            "db": "PACKETSTORM",
            "id": "163267",
            "ident": null
          },
          {
            "date": "2021-06-24T17:54:53",
            "db": "PACKETSTORM",
            "id": "163276",
            "ident": null
          },
          {
            "date": "2021-06-01T14:45:29",
            "db": "PACKETSTORM",
            "id": "162877",
            "ident": null
          },
          {
            "date": "2020-12-10T16:02:10",
            "db": "PACKETSTORM",
            "id": "160436",
            "ident": null
          },
          {
            "date": "2021-09-17T16:04:56",
            "db": "PACKETSTORM",
            "id": "164192",
            "ident": null
          },
          {
            "date": "2020-12-14T20:15:13.903000",
            "db": "NVD",
            "id": "CVE-2020-8284",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186409",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8284",
            "ident": null
          },
          {
            "date": "2024-11-21T05:38:39.193000",
            "db": "NVD",
            "id": "CVE-2020-8284",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "Debian Security Advisory 4881-1",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "169015"
          }
        ],
        "trust": 0.1
      },
      "type": {
        "_id": null,
        "data": "code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "163276"
          }
        ],
        "trust": 0.1
      }
    }

    VAR-201708-0039

    Vulnerability from variot - Updated: 2026-03-09 20:32

    Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. NTP Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Network Time Protocol is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.

    http://creativecommons.org/licenses/by-sa/2.5

    .

    Release Date: 2016-09-21 Last Updated: 2016-09-21

    Potential Security Impact: Multiple Remote Vulnerabilities

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.

    References:

    • CVE-2015-7704
    • CVE-2015-7705
    • CVE-2015-7855
    • CVE-2015-7871
    • PSRT110228
    • SSRT102943

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2015-7704
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7705
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7855
      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    
    CVE-2015-7871
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.

    COMWARE 7 Products

    • 12500 (Comware 7) - Version: R7377
      • HP Network Products
      • JC072B HP 12500 Main Processing Unit
      • JC085A HP A12518 Switch Chassis
      • JC086A HP A12508 Switch Chassis
      • JC652A HP 12508 DC Switch Chassis
      • JC653A HP 12518 DC Switch Chassis
      • JC654A HP 12504 AC Switch Chassis
      • JC655A HP 12504 DC Switch Chassis
      • JF430A HP A12518 Switch Chassis
      • JF430B HP 12518 Switch Chassis
      • JF430C HP 12518 AC Switch Chassis
      • JF431A HP A12508 Switch Chassis
      • JF431B HP 12508 Switch Chassis
      • JF431C HP 12508 AC Switch Chassis
      • JG497A HP 12500 MPU w/Comware V7 OS
      • JG782A HP FF 12508E AC Switch Chassis
      • JG783A HP FF 12508E DC Switch Chassis
      • JG784A HP FF 12518E AC Switch Chassis
      • JG785A HP FF 12518E DC Switch Chassis
      • JG802A HP FF 12500E MPU
    • 10500 (Comware 7) - Version: R7178
      • HP Network Products
      • JC611A HP 10508-V Switch Chassis
      • JC612A HP 10508 Switch Chassis
      • JC613A HP 10504 Switch Chassis
      • JC748A HP 10512 Switch Chassis
      • JG608A HP FlexFabric 11908-V Switch Chassis
      • JG609A HP FlexFabric 11900 Main Processing Unit
      • JG820A HP 10504 TAA Switch Chassis
      • JG821A HP 10508 TAA Switch Chassis
      • JG822A HP 10508-V TAA Switch Chassis
      • JG823A HP 10512 TAA Switch Chassis
      • JG496A HP 10500 Type A MPU w/Comware v7 OS
      • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
      • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
    • 12900 (Comware 7) - Version: R1138P03
      • HP Network Products
      • JG619A HP FlexFabric 12910 Switch AC Chassis
      • JG621A HP FlexFabric 12910 Main Processing Unit
      • JG632A HP FlexFabric 12916 Switch AC Chassis
      • JG634A HP FlexFabric 12916 Main Processing Unit
      • JH104A HP FlexFabric 12900E Main Processing Unit
      • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      • JH263A HP FlexFabric 12904E Main Processing Unit
      • JH255A HP FlexFabric 12908E Switch Chassis
      • JH262A HP FlexFabric 12904E Switch Chassis
      • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      • JH103A HP FlexFabric 12916E Switch Chassis
    • 5900 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JC772A HP 5900AF-48XG-4QSFP+ Switch
      • JG296A HP 5920AF-24XG Switch
      • JG336A HP 5900AF-48XGT-4QSFP+ Switch
      • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      • JG555A HP 5920AF-24XG TAA Switch
      • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
    • MSR1000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG875A HP MSR1002-4 AC Router
      • JH060A HP MSR1003-8S AC Router
    • MSR2000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG411A HP MSR2003 AC Router
      • JG734A HP MSR2004-24 AC Router
      • JG735A HP MSR2004-48 Router
      • JG866A HP MSR2003 TAA-compliant AC Router
    • MSR3000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG404A HP MSR3064 Router
      • JG405A HP MSR3044 Router
      • JG406A HP MSR3024 AC Router
      • JG407A HP MSR3024 DC Router
      • JG408A HP MSR3024 PoE Router
      • JG409A HP MSR3012 AC Router
      • JG410A HP MSR3012 DC Router
      • JG861A HP MSR3024 TAA-compliant AC Router
    • MSR4000 (Comware 7) - Version: R0305P08
      • HP Network Products
      • JG402A HP MSR4080 Router Chassis
      • JG403A HP MSR4060 Router Chassis
      • JG412A HP MSR4000 MPU-100 Main Processing Unit
      • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
    • VSR (Comware 7) - Version: E0322
      • HP Network Products
      • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
    • 7900 (Comware 7) - Version: R2138P03
      • HP Network Products
      • JG682A HP FlexFabric 7904 Switch Chassis
      • JG841A HP FlexFabric 7910 Switch Chassis
      • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
    • 5130 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG932A HP 5130-24G-4SFP+ EI Switch
      • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      • JG934A HP 5130-48G-4SFP+ EI Switch
      • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
      • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
    • 5700 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
    • 5930 (Comware 7) - Version: R2422P02
      • HP Network Products
      • JG726A HP FlexFabric 5930 32QSFP+ Switch
      • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      • JH179A HP FlexFabric 5930 4-slot Switch
      • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
    • HSR6600 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG353A HP HSR6602-G Router
      • JG354A HP HSR6602-XG Router
      • JG776A HP HSR6602-G TAA-compliant Router
      • JG777A HP HSR6602-XG TAA-compliant Router
    • HSR6800 (Comware 7) - Version: R7103P07
      • HP Network Products
      • JG361A HP HSR6802 Router Chassis
      • JG361B HP HSR6802 Router Chassis
      • JG362A HP HSR6804 Router Chassis
      • JG362B HP HSR6804 Router Chassis
      • JG363A HP HSR6808 Router Chassis
      • JG363B HP HSR6808 Router Chassis
      • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
      • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
    • 1950 (Comware 7) - Version: R3111P03
      • HP Network Products
      • JG960A HP 1950-24G-4XG Switch
      • JG961A HP 1950-48G-2SFP+-2XGT Switch
      • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
    • 7500 (Comware 7) - Version: R7178
      • HP Network Products
      • JD238C HP 7510 Switch Chassis
      • JD239C HP 7506 Switch Chassis
      • JD240C HP 7503 Switch Chassis
      • JD242C HP 7502 Switch Chassis
      • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
      • JH208A HP 7502 Main Processing Unit
      • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
    • 5130HI - Version: R1118P02
      • HP Network Products
      • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
      • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
      • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
      • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
    • 5510HI - Version: R1118P02
      • HP Network Products
      • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
      • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
      • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
      • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
      • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch

    Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

    HISTORY Version:1 (rev.1) - 21 September 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project

    Topic: Multiple vulnerabilities of ntp

    Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.

    I.

    II. Problem Description

    Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected.

    If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition. [CVE-2015-7855]

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]

    A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]

    If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.

    If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.

    If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

    If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration

    An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]

    The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.

    III. Impact

    An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]

    An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]

    An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]

    An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]

    IV. Workaround

    No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

    The ntpd service has to be restarted after the update. A reboot is recommended but not required.

    2) To update your vulnerable system via a binary patch:

    Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    freebsd-update fetch

    freebsd-update install

    The ntpd service has to be restarted after the update. A reboot is recommended but not required.

    3) To update your vulnerable system via a source code patch:

    The following patches have been verified to apply to the applicable FreeBSD release branches.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    [FreeBSD 10.2]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2

    bunzip2 ntp-102.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc

    gpg --verify ntp-102.patch.asc

    [FreeBSD 10.1]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2

    bunzip2 ntp-101.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc

    gpg --verify ntp-101.patch.asc

    [FreeBSD 9.3]

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2

    bunzip2 ntp-93.patch.bz2

    fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc

    gpg --verify ntp-93.patch.asc

    b) Apply the patch. Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    find contrib/ntp -type f -empty -delete

    c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.

    d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.

    Restart the ntpd(8) daemon, or reboot the system.

    VI. Correction details

    The following list contains the correction revision numbers for each affected branch.

    Branch/path Revision


    stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999


    To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

    svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

    Or visit the following URL, replacing NNNNNN with the revision number:

    https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN

    VII. References

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871

    The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . From: Yury German blueknight@gentoo.org To: gentoo-announce@lists.gentoo.org Message-ID: 57035F2D.8090108@gentoo.org Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities


    Gentoo Linux Security Advisory GLSA 201604-03


                                           https://security.gentoo.org/
    

    Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03


    Synopsis

    Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service.

    Background

    Xen is a bare-metal hypervisor.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages

    Description

    Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

    Resolution

    All Xen 4.5 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"

    All Xen 4.6 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"

    All Xen tools 4.5 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5"

    All Xen tools 4.6 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9"

    All Xen pvgrub users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"=

    References

    [ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201604-03

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    --roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015

    ntp vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 15.10
    • Ubuntu 15.04
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    Several security issues were fixed in NTP. (CVE-2015-5146)

    Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)

    Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)

    Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)

    Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

    It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)

    Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705)

    Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)

    Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)

    Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)

    John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)

    Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)

    In the default installation, attackers would be isolated by the NTP AppArmor profile.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1

    Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2

    Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5

    Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871

    Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 .

    CVE-2015-5194

    It was found that ntpd could crash due to an uninitialized
    variable when processing malformed logconfig configuration
    commands.
    

    CVE-2015-5195

    It was found that ntpd exits with a segmentation fault when a
    statistics type that was not enabled during compilation (e.g. 
    timingstats) is referenced by the statistics or filegen
    configuration command
    

    CVE-2015-5219

    It was discovered that sntp program would hang in an infinite loop
    when a crafted NTP packet was received, related to the conversion
    of the precision value in the packet to double.
    

    CVE-2015-5300

    It was found that ntpd did not correctly implement the -g option:
    
    Normally, ntpd exits with a message to the system log if the offset
    exceeds the panic threshold, which is 1000 s by default. This
    option allows the time to be set to any value without restriction;
    however, this can happen only once. If the threshold is exceeded
    after that, ntpd will exit with a message to the system log. This
    option can be used with the -q and -x options.
    
    ntpd could actually step the clock multiple times by more than the
    panic threshold if its clock discipline doesn't have enough time to
    reach the sync state and stay there for at least one update. If a
    man-in-the-middle attacker can control the NTP traffic since ntpd
    was started (or maybe up to 15-30 minutes after that), they can
    prevent the client from reaching the sync state and force it to step
    its clock by any amount any number of times, which can be used by
    attackers to expire certificates, etc.
    
    This is contrary to what the documentation says. Normally, the
    assumption is that an MITM attacker can step the clock more than the
    panic threshold only once when ntpd starts and to make a larger
    adjustment the attacker has to divide it into multiple smaller
    steps, each taking 15 minutes, which is slow.
    

    CVE-2015-7701

    A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
    

    CVE-2015-7703

    Miroslav Lichvar of Red Hat found that the :config command can be
    used to set the pidfile and driftfile paths without any
    restrictions. A remote attacker could use this flaw to overwrite a
    file on the file system with a file containing the pid of the ntpd
    process (immediately) or the current estimated drift of the system
    clock (in hourly intervals). For example:
    
    ntpq -c ':config pidfile /tmp/ntp.pid'
    ntpq -c ':config driftfile /tmp/ntp.drift'
    
    In Debian ntpd is configured to drop root privileges, which limits
    the impact of this issue.
    

    CVE-2015-7704

    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
    from the server to reduce its polling rate, it doesn't check if the
    originate timestamp in the reply matches the transmit timestamp from
    its request. An off-path attacker can send a crafted KoD packet to
    the client, which will increase the client's polling interval to a
    large value and effectively disable synchronization with the server. A
    specially crafted configuration file could cause an endless loop
    resulting in a denial of service.
    

    CVE-2015-7852

    A potential off by one vulnerability exists in the cookedprint
    functionality of ntpq. A specially crafted buffer could cause a
    buffer overflow potentially resulting in null byte being written out
    of bounds.
    

    CVE-2015-7871

    An error handling logic error exists within ntpd that manifests due
    to improper error condition handling associated with certain
    crypto-NAK packets. An unauthenticated, off-path attacker can force
    ntpd processes on targeted servers to peer with time sources of the
    attacker's choosing by transmitting symmetric active crypto-NAK
    packets to ntpd.
    

    For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.

    For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.

    For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.

    We recommend that you upgrade your ntp packages.

    Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+

    Where to find the new packages: +-----------------------------+

    Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

    Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

    Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz

    Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz

    Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz

    Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz

    Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz

    Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz

    Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz

    MD5 signatures: +-------------+

    Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz

    Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz

    Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz

    Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz

    Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz

    Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz

    Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz

    Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz

    Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz

    Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz

    Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz

    Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz

    Installation instructions: +------------------------+

    Upgrade the package as root:

    upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz

    Then, restart the NTP daemon:

    sh /etc/rc.d/rc.ntpd restart

    +-----+

    Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

    +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "oncommand balance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.5"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "oncommand performance manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.2.8"
          },
          {
            "_id": null,
            "model": "oncommand unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ntp",
            "version": "4.3.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "ntp",
            "version": "4.3.70"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.2.8p4  less than  4.2.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "ntp",
            "version": "4.3.77  less than  4.3.x"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.67"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.74"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.68"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.69"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.72"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.73"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.75"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.76"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ntp",
            "version": "4.3.71"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.16"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.14.5"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "59000"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.25"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.2.6"
          },
          {
            "_id": null,
            "model": "4.2.8p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.8p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p366",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p111",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.7p11",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "4.2.5p186",
            "scope": null,
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "junos os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "0"
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.4"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.2"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0.00"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "vsr1008 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "vsr1004 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "vsr1001 virtual services router day evaluation software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "600"
          },
          {
            "_id": null,
            "model": "vsr1001 comware virtual services router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "70"
          },
          {
            "_id": null,
            "model": "msr4080 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4060 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 taa-compliant mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr4000 mpu-100 main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3064 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3044 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 poe router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3024 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3012 dc router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr3012 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2004-48 router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2004-24 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2003 taa-compliant ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr2003 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1003-8s ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "msr1002-4 ac router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6808 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6804 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6802 router chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x3 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router taa-compliant main processing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6800 rse-x2 router main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-xg router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-g taa-compliant router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hsr6602-g router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 7.2tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps taa-compliant fabric/main processing uni",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79100"
          },
          {
            "_id": null,
            "model": "flexfabric 2.4tbps fabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7910/0"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "79040"
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 4-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 32qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 2qsfp+ 2-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "59300"
          },
          {
            "_id": null,
            "model": "flexfabric 5900cp 48xg 4qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-40xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 5700-32xgt-8xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12916e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129160"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric taa-compliant main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric switch ac chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "129100"
          },
          {
            "_id": null,
            "model": "flexfabric 12908e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12904e switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12904e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric 12900e main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "flexfabric switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11908-v0"
          },
          {
            "_id": null,
            "model": "flexfabric main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "119000"
          },
          {
            "_id": null,
            "model": "ff 5900cp-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12518e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12518e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12508e dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12508e ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ff 12500e mpu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "a12518 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "a12508 switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75100"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75060"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75030"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "75020"
          },
          {
            "_id": null,
            "model": "5920af-24xg taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5920af-24xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xgt-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ taa switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48xg-4qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af-48g-4xg-2qsfp+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af 48xgt 4qsfp+ taa-compliant switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5900af 48g 4xg 2qsfp+ taa-compliant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g sfp 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ hi 1-slot switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "55100"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-48g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-sfp-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-poe+-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-4sfp+ ei brazil switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "5130-24g-2sfp+-2xgt ei switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "48g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "48g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "24g poe+ 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "24g 4sfp+ 1-slot hi switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "51300"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-48g-2sfp+-2xgt switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-24g-4xg switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "1950-24g-2sfp+-2xgt-poe+ switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125180"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125080"
          },
          {
            "_id": null,
            "model": "dc switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "ac switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125040"
          },
          {
            "_id": null,
            "model": "mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "12500v70"
          },
          {
            "_id": null,
            "model": "main processing unit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "125000"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105120"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10508-v0"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105080"
          },
          {
            "_id": null,
            "model": "taa switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "switch chassis",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "105040"
          },
          {
            "_id": null,
            "model": "type d taa-compliant with comware os main processing un",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "type d main processing unit with comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "type a mpu w/comware os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10500v70"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p25",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p24",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p22",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p21",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p13",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p10",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-rc",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta3-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "10.2-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-rc1-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-beta2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-beta2-p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "10.1-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-releng",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p9",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p6",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p5",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p19",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p17",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p16",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc4-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc2-p3",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc2-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-rc1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-prerelease",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-beta3-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-beta1-p1",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "summit wm3000 series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "0"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.1.2"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.4"
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.38"
          },
          {
            "_id": null,
            "model": "extremexos patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.31"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7.2"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.7"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.6.4"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.1"
          },
          {
            "_id": null,
            "model": "extremexos 15.4.1.3-patch1-10",
            "scope": null,
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": null
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.4.1.0"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "15.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ruggedcom rox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "2.9.0"
          },
          {
            "_id": null,
            "model": "automation stratix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "rockwell",
            "version": "590015.6.3"
          },
          {
            "_id": null,
            "model": "ntp",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": "4.3.77"
          },
          {
            "_id": null,
            "model": "4.2.8p4",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntp",
            "version": null
          },
          {
            "_id": null,
            "model": "qlogic virtual fabric extension module for ibm bladecenter",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.3.14.0"
          },
          {
            "_id": null,
            "model": "qlogic 8gb intelligent pass-thru module and san switch module",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.10.1.37.00"
          },
          {
            "_id": null,
            "model": "ib6131 gb infiniband switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "83.5.1000"
          },
          {
            "_id": null,
            "model": "flex system fc3171 8gb san switch and san pass-thru",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.7.03.00"
          },
          {
            "_id": null,
            "model": "flex system en6131 40gb ethernet switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.5.1000"
          },
          {
            "_id": null,
            "model": "9.3-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "9.3-release-p29",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-stable",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.2-release-p6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "10.1-release-p23",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "purview appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "netsight appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "nac appliance",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "21.1"
          },
          {
            "_id": null,
            "model": "extremexos",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "extremenetworks",
            "version": "16.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "77287"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Stephen Gray \u0026amp;amp;lt;stepgray@cisco.com\u0026amp;amp;gt;.",
        "sources": [
          {
            "db": "BID",
            "id": "77287"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7871",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7871",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7871",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-7871",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7871",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7871",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201510-574",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7871",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. NTP Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Network Time Protocol is prone to a authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n  - CVE-2015-7704\n  - CVE-2015-7705\n  - CVE-2015-7855\n  - CVE-2015-7871\n  - PSRT110228\n  - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n  - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-7704\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7705\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7855\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n      6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n    CVE-2015-7871\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P03**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P08**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P03**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P02**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P07**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3111P03**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7178**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5130HI - Version: R1118P02**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n  + **5510HI - Version: R1118P02**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp                                        Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple vulnerabilities of ntp\n\nCategory:       contrib\nModule:         ntp\nAnnounced:      2015-10-26\nCredits:        Network Time Foundation\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n                2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n                2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n                2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n                2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name:       CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n                CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n                CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n                CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. \n\nII.  Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. \n\nIf ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual\nlong data value where a network address is expected, the decodenetnum()\nfunction will abort with an assertion failure instead of simply returning\na failure condition. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851].  The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile.  Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849].  The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848].  The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701].  The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196].  The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702].  The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV.  Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected.  Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r289998\nreleng/9.3/                                                       r290001\nstable/10/                                                        r289997\nreleng/10.1/                                                      r290000\nreleng/10.2/                                                      r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. From: Yury German \u003cblueknight@gentoo.org\u003e\nTo: gentoo-announce@lists.gentoo.org\nMessage-ID: \u003c57035F2D.8090108@gentoo.org\u003e\nSubject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities\n\n\n\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201604-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Xen: Multiple vulnerabilities\n     Date: April 05, 2016\n     Bugs: #445254, #513832, #547202, #549200, #549950, #550658,\n           #553664, #553718, #555532, #556304, #561110, #564472,\n           #564932, #566798, #566838, #566842, #567962, #571552,\n           #571556, #574012\n       ID: 201604-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncause a Denial of Service. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulation/xen           \u003c 4.6.0-r9               \u003e= 4.6.0-r9\n                                                         *\u003e= 4.5.2-r5\n  2  app-emulation/xen-pvgrub\n                                  \u003c 4.6.0                  Vulnerable!\n  3  app-emulation/xen-tools     \u003c 4.6.0-r9               \u003e= 4.6.0-r9\n                                                         *\u003e= 4.5.2-r5\n  4  app-emulation/pvgrub                                    \u003e= 4.6.0\n                                                            *\u003e= 4.5.2\n    -------------------------------------------------------------------\n     NOTE: Certain packages are still vulnerable. Users should migrate\n           to another package if one is available or wait for the\n           existing packages to be marked stable by their\n           architecture maintainers. \n    -------------------------------------------------------------------\n     4 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Xen 4.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.5.2-r5\"\n\nAll Xen 4.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.6.0-r9\"\n\nAll Xen tools 4.5 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.5.2-r5\"\n\nAll Xen tools 4.6 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.6.0-r9\"\n\nAll Xen pvgrub users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-pvgrub-4.6.0\"=\n\n\nReferences\n==========\n\n[  1 ] CVE-2012-3494\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494\n[  2 ] CVE-2012-3495\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495\n[  3 ] CVE-2012-3496\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496\n[  4 ] CVE-2012-3497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497\n[  5 ] CVE-2012-3498\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498\n[  6 ] CVE-2012-3515\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515\n[  7 ] CVE-2012-4411\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411\n[  8 ] CVE-2012-4535\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535\n[  9 ] CVE-2012-4536\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536\n[ 10 ] CVE-2012-4537\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537\n[ 11 ] CVE-2012-4538\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538\n[ 12 ] CVE-2012-4539\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539\n[ 13 ] CVE-2012-6030\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030\n[ 14 ] CVE-2012-6031\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031\n[ 15 ] CVE-2012-6032\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032\n[ 16 ] CVE-2012-6033\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033\n[ 17 ] CVE-2012-6034\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034\n[ 18 ] CVE-2012-6035\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035\n[ 19 ] CVE-2012-6036\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036\n[ 20 ] CVE-2015-2151\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151\n[ 21 ] CVE-2015-3209\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209\n[ 22 ] CVE-2015-3259\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259\n[ 23 ] CVE-2015-3340\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340\n[ 24 ] CVE-2015-3456\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456\n[ 25 ] CVE-2015-4103\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103\n[ 26 ] CVE-2015-4104\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104\n[ 27 ] CVE-2015-4105\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105\n[ 28 ] CVE-2015-4106\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106\n[ 29 ] CVE-2015-4163\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163\n[ 30 ] CVE-2015-4164\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164\n[ 31 ] CVE-2015-5154\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154\n[ 32 ] CVE-2015-7311\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311\n[ 33 ] CVE-2015-7504\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504\n[ 34 ] CVE-2015-7812\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812\n[ 35 ] CVE-2015-7813\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813\n[ 36 ] CVE-2015-7814\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814\n[ 37 ] CVE-2015-7835\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835\n[ 38 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 39 ] CVE-2015-7969\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969\n[ 40 ] CVE-2015-7970\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970\n[ 41 ] CVE-2015-7971\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971\n[ 42 ] CVE-2015-7972\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972\n[ 43 ] CVE-2015-8339\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339\n[ 44 ] CVE-2015-8340\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340\n[ 45 ] CVE-2015-8341\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341\n[ 46 ] CVE-2015-8550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550\n[ 47 ] CVE-2015-8551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551\n[ 48 ] CVE-2015-8552\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552\n[ 49 ] CVE-2015-8554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554\n[ 50 ] CVE-2015-8555\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555\n[ 51 ] CVE-2016-2270\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270\n[ 52 ] CVE-2016-2271\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201604-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. A remote attacker could possibly use\nthis issue to cause clients to stop updating their clock. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2783-1\n  CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n  CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n  CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n  CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n  CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n  https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. \n\nCVE-2015-5194\n\n    It was found that ntpd could crash due to an uninitialized\n    variable when processing malformed logconfig configuration\n    commands. \n\nCVE-2015-5195\n\n    It was found that ntpd exits with a segmentation fault when a\n    statistics type that was not enabled during compilation (e.g. \n    timingstats) is referenced by the statistics or filegen\n    configuration command\n\nCVE-2015-5219\n\n    It was discovered that sntp program would hang in an infinite loop\n    when a crafted NTP packet was received, related to the conversion\n    of the precision value in the packet to double. \n\nCVE-2015-5300\n\n    It was found that ntpd did not correctly implement the -g option:\n\n    Normally, ntpd exits with a message to the system log if the offset\n    exceeds the panic threshold, which is 1000 s by default. This\n    option allows the time to be set to any value without restriction;\n    however, this can happen only once. If the threshold is exceeded\n    after that, ntpd will exit with a message to the system log. This\n    option can be used with the -q and -x options. \n\n    ntpd could actually step the clock multiple times by more than the\n    panic threshold if its clock discipline doesn\u0027t have enough time to\n    reach the sync state and stay there for at least one update. If a\n    man-in-the-middle attacker can control the NTP traffic since ntpd\n    was started (or maybe up to 15-30 minutes after that), they can\n    prevent the client from reaching the sync state and force it to step\n    its clock by any amount any number of times, which can be used by\n    attackers to expire certificates, etc. \n\n    This is contrary to what the documentation says. Normally, the\n    assumption is that an MITM attacker can step the clock more than the\n    panic threshold only once when ntpd starts and to make a larger\n    adjustment the attacker has to divide it into multiple smaller\n    steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7701\n\n    A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n    Miroslav Lichvar of Red Hat found that the :config command can be\n    used to set the pidfile and driftfile paths without any\n    restrictions. A remote attacker could use this flaw to overwrite a\n    file on the file system with a file containing the pid of the ntpd\n    process (immediately) or the current estimated drift of the system\n    clock (in hourly intervals). For example:\n\n    ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n    ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n    In Debian ntpd is configured to drop root privileges, which limits\n    the impact of this issue. \n\nCVE-2015-7704\n\n    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n    from the server to reduce its polling rate, it doesn\u0027t check if the\n    originate timestamp in the reply matches the transmit timestamp from\n    its request. An off-path attacker can send a crafted KoD packet to\n    the client, which will increase the client\u0027s polling interval to a\n    large value and effectively disable synchronization with the server. A\n    specially crafted configuration file could cause an endless loop\n    resulting in a denial of service. \n\nCVE-2015-7852\n\n    A potential off by one vulnerability exists in the cookedprint\n    functionality of ntpq. A specially crafted buffer could cause a\n    buffer overflow potentially resulting in null byte being written out\n    of bounds. \n\nCVE-2015-7871\n\n    An error handling logic error exists within ntpd that manifests due\n    to improper error condition handling associated with certain\n    crypto-NAK packets. An unauthenticated, off-path attacker can force\n    ntpd processes on targeted servers to peer with time sources of the\n    attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n    packets to ntpd. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz:  Upgraded. \n  In addition to bug fixes and enhancements, this release fixes\n  several low and medium severity vulnerabilities. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd  ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263  ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288  ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05  ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30  ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94  ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b  ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709  ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614  ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41  ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed  n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9  n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "BID",
            "id": "77287"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7871"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "136587"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7871",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "77287",
            "trust": 2.0
          },
          {
            "db": "SECTRACK",
            "id": "1033951",
            "trust": 1.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-497656",
            "trust": 1.7
          },
          {
            "db": "JVN",
            "id": "JVNVU96269392",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-103-11",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574",
            "trust": 0.6
          },
          {
            "db": "JUNIPER",
            "id": "JSA10711",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-094-04",
            "trust": 0.3
          },
          {
            "db": "TALOS",
            "id": "TALOS-2015-0069",
            "trust": 0.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-356-01",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7871",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134082",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "136587",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7871"
          },
          {
            "db": "BID",
            "id": "77287"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "136587"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          }
        ]
      },
      "id": "VAR-201708-0039",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.20833333
      },
      "last_update_date": "2026-03-09T20:32:56.842000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Bug\u00a01274265",
            "trust": 0.8,
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
          },
          {
            "title": "NTP Fixes for authentication bypassing vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119786"
          },
          {
            "title": "Red Hat: CVE-2015-7871",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-7871"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2015-607",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-607"
          },
          {
            "title": "Ubuntu Security Notice: ntp vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2783-1"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a"
          },
          {
            "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305"
          },
          {
            "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9"
          },
          {
            "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.0,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/77287"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "trust": 1.8,
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "trust": 1.7,
            "url": "http://support.ntp.org/bin/view/main/ntpbug2941"
          },
          {
            "trust": 1.7,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839"
          },
          {
            "trust": 1.7,
            "url": "http://www.securitytracker.com/id/1033951"
          },
          {
            "trust": 1.7,
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "trust": 1.7,
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          },
          {
            "trust": 1.7,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96269392/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295"
          },
          {
            "trust": 0.3,
            "url": "http://www.ntp.org/"
          },
          {
            "trust": 0.3,
            "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
          },
          {
            "trust": 0.3,
            "url": "http://talosintel.com/reports/talos-2015-0069/"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
          },
          {
            "trust": 0.3,
            "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp"
          },
          {
            "trust": 0.3,
            "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2015/oct/113"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260"
          },
          {
            "trust": 0.3,
            "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
          },
          {
            "trust": 0.2,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.2,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.2,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
          },
          {
            "trust": 0.2,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871"
          },
          {
            "trust": 0.2,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/auxiliary/scanner/ntp/ntp_nak_to_the_future"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2015-7871"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01"
          },
          {
            "trust": 0.1,
            "url": "https://alas.aws.amazon.com/alas-2015-607.html"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2783-1/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.1,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.1,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc"
          },
          {
            "trust": 0.1,
            "url": "https://www.freebsd.org/handbook/makeworld.html."
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/."
          },
          {
            "trust": 0.1,
            "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4535"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4103"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6036"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3456"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4536"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3495"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4106"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4537"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6034"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3259"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4411"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4538"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6035"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3494"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6032"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3515"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3498"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6031"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6030"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3497"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4104"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2151"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6033"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4105"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4539"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3340"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3209"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3496"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-2783-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196"
          },
          {
            "trust": 0.1,
            "url": "http://slackware.com/gpg-key"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692"
          },
          {
            "trust": 0.1,
            "url": "http://osuosl.org)"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7871"
          },
          {
            "db": "BID",
            "id": "77287"
          },
          {
            "db": "PACKETSTORM",
            "id": "137992"
          },
          {
            "db": "PACKETSTORM",
            "id": "138803"
          },
          {
            "db": "PACKETSTORM",
            "id": "134082"
          },
          {
            "db": "PACKETSTORM",
            "id": "136587"
          },
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "PACKETSTORM",
            "id": "134162"
          },
          {
            "db": "PACKETSTORM",
            "id": "134137"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7871",
            "ident": null
          },
          {
            "db": "BID",
            "id": "77287",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134082",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "136587",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7871",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-08-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7871",
            "ident": null
          },
          {
            "date": "2015-10-21T00:00:00",
            "db": "BID",
            "id": "77287",
            "ident": null
          },
          {
            "date": "2016-07-21T15:56:23",
            "db": "PACKETSTORM",
            "id": "137992",
            "ident": null
          },
          {
            "date": "2016-09-21T17:24:00",
            "db": "PACKETSTORM",
            "id": "138803",
            "ident": null
          },
          {
            "date": "2015-10-26T19:32:22",
            "db": "PACKETSTORM",
            "id": "134082",
            "ident": null
          },
          {
            "date": "2016-04-06T13:30:13",
            "db": "PACKETSTORM",
            "id": "136587",
            "ident": null
          },
          {
            "date": "2015-10-27T23:30:50",
            "db": "PACKETSTORM",
            "id": "134102",
            "ident": null
          },
          {
            "date": "2015-11-02T16:48:39",
            "db": "PACKETSTORM",
            "id": "134162",
            "ident": null
          },
          {
            "date": "2015-10-30T23:22:57",
            "db": "PACKETSTORM",
            "id": "134137",
            "ident": null
          },
          {
            "date": "2015-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-574",
            "ident": null
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007708",
            "ident": null
          },
          {
            "date": "2017-08-07T20:29:00.997000",
            "db": "NVD",
            "id": "CVE-2015-7871",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7871",
            "ident": null
          },
          {
            "date": "2017-05-23T16:24:00",
            "db": "BID",
            "id": "77287",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201510-574",
            "ident": null
          },
          {
            "date": "2021-04-16T09:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007708",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7871",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "134102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "NTP\u00a0 Authentication vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007708"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201510-574"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-0007

    Vulnerability from variot - Updated: 2026-03-09 20:19

    A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: openssl security update Advisory ID: RHSA-2017:0286-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0286.html Issue date: 2017-02-20 CVE Names: CVE-2016-8610 CVE-2017-3731 =====================================================================

    1. Summary:

    An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    • An integer underflow leading to an out of bounds read flaw was found in OpenSSL. (CVE-2016-8610)

    • Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read

    1. Package List:

    Red Hat Enterprise Linux Desktop (v. 6):

    Source: openssl-1.0.1e-48.el6_8.4.src.rpm

    i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm

    x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Desktop Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm

    x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux HPC Node (v. 6):

    Source: openssl-1.0.1e-48.el6_8.4.src.rpm

    x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux HPC Node Optional (v. 6):

    x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6):

    Source: openssl-1.0.1e-48.el6_8.4.src.rpm

    i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm

    ppc64: openssl-1.0.1e-48.el6_8.4.ppc.rpm openssl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc64.rpm

    s390x: openssl-1.0.1e-48.el6_8.4.s390.rpm openssl-1.0.1e-48.el6_8.4.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-devel-1.0.1e-48.el6_8.4.s390.rpm openssl-devel-1.0.1e-48.el6_8.4.s390x.rpm

    x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm

    ppc64: openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-static-1.0.1e-48.el6_8.4.ppc64.rpm

    s390x: openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-perl-1.0.1e-48.el6_8.4.s390x.rpm openssl-static-1.0.1e-48.el6_8.4.s390x.rpm

    x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 6):

    Source: openssl-1.0.1e-48.el6_8.4.src.rpm

    i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm

    x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 6):

    i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm

    x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm

    Red Hat Enterprise Linux Client (v. 7):

    Source: openssl-1.0.1e-60.el7_3.1.src.rpm

    x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: openssl-1.0.1e-60.el7_3.1.src.rpm

    x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: openssl-1.0.1e-60.el7_3.1.src.rpm

    aarch64: openssl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-devel-1.0.1e-60.el7_3.1.aarch64.rpm openssl-libs-1.0.1e-60.el7_3.1.aarch64.rpm

    ppc64: openssl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64.rpm

    ppc64le: openssl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64le.rpm

    s390x: openssl-1.0.1e-60.el7_3.1.s390x.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-devel-1.0.1e-60.el7_3.1.s390.rpm openssl-devel-1.0.1e-60.el7_3.1.s390x.rpm openssl-libs-1.0.1e-60.el7_3.1.s390.rpm openssl-libs-1.0.1e-60.el7_3.1.s390x.rpm

    x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    aarch64: openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-perl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-static-1.0.1e-60.el7_3.1.aarch64.rpm

    ppc64: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-static-1.0.1e-60.el7_3.1.ppc.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64.rpm

    ppc64le: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64le.rpm

    s390x: openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-perl-1.0.1e-60.el7_3.1.s390x.rpm openssl-static-1.0.1e-60.el7_3.1.s390.rpm openssl-static-1.0.1e-60.el7_3.1.s390x.rpm

    x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: openssl-1.0.1e-60.el7_3.1.src.rpm

    x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2017-3731 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv/20170126.txt

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iD8DBQFYqs1TXlSAg2UNWIIRAt7bAJ0ZCDFTFcNP3/qrBxA46aRJQAvxkACaA9Ak 1zK4rWazcUYTZw5zQhD4SXA= =I+Z7 -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

    Security Fix(es):

    • A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

    • It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)

    • It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)

    • A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-8610)

    • It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

    • A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. (CVE-2016-8740)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

    1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery

    1. JIRA issues fixed (https://issues.jboss.org/):

    JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7

    Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

    • A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:

    Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

    CVE-2016-8610

    It was discovered that no limit was imposed on alert packets during
    an SSL handshake.
    

    CVE-2017-3731

    Robert Swiecki discovered that the RC4-MD5 cipher when running on
    32 bit systems could be forced into an out-of-bounds read, resulting
    in denial of service.
    

    For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u6.

    For the unstable distribution (sid), these problems have been fixed in version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 of the openssl1.0 source package.

    We recommend that you upgrade your openssl packages. 6) - i386, x86_64

    The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (CVE-2016-8610)

    • Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. Bugs fixed (https://bugzilla.redhat.com/):

    1320982 - ASSERT failure in gnutls-cli-debug 1321112 - DHE_DSS ciphers don't work with client certificates and OpenSSL using TLSv1.2 1323215 - gnutls-serv --http crashes with client certificates with NSS client 1326073 - GnuTLS prefers SHA-1 signatures in TLSv1.2 1326389 - GnuTLS server does not accept SHA-384 and SHA-512 Certificate Verify signatures despite advertising support for them 1326886 - GnuTLS server rejects connections that do not advertise support for SHA-1 signature algorithms 1327656 - gnutls-serv: closing connection without sending an Alert message 1328205 - gnutls-cli won't send certificates that don't match hashes in Certificate Request 1333521 - Provide ability to set the expected server name in gnutls-serv utility 1335924 - gnutls: Disable TLS connections with less than 1024-bit DH parameters 1337460 - Disable/remove export ciphersuites in GnuTLS 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c 1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate 1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid 1415682 - Changes introduced by rebase to 2.12.23 break API and ABI compatibility for some libraries

    6.

    Ubuntu Security Notice USN-3183-2 March 20, 2017

    gnutls26 vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Summary:

    GnuTLS could be made to hang if it received specially crafted network traffic.

    Software Description: - gnutls26: GNU TLS library

    Details:

    USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

    Original advisory details:

    Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.7

    Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.14

    In general, a standard system update will make all the necessary changes

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "snapcenter server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "m12-1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "m10-4s",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "e-series santricity os controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "11.40"
          },
          {
            "_id": null,
            "model": "smi-s provider",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.3.0.0"
          },
          {
            "_id": null,
            "model": "m12-2s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "e-series santricity os controller",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "oncommand unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m12-2s",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "m10-4",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "core rdbms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "18c"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "core rdbms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.0.1"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m10-4",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "cn1610",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "application testing suite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.3.0.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.1.0"
          },
          {
            "_id": null,
            "model": "adaptive access manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "11.1.2.3.0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.3.0"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "storagegrid webscale",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "jd edwards enterpriseone tools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "paloaltonetworks",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2h"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "data ontap edge",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "retail predictive application server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "16.0.3"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "paloaltonetworks",
            "version": "7.1.10"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "6.4.0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.6.0.0"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.4.0"
          },
          {
            "_id": null,
            "model": "m12-2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "oncommand balance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server eus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "storagegrid",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "retail predictive application server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "15.0.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server tus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "m10-1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "timesten in-memory database",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "18.1.4.1.0"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "communications ip service activator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.4.0"
          },
          {
            "_id": null,
            "model": "goldengate application adapters",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.3.2.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap antivirus connector",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.4.0"
          },
          {
            "_id": null,
            "model": "m10-4s",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "core rdbms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "19c"
          },
          {
            "_id": null,
            "model": "communications analytics",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "redhat",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "m12-2",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3000"
          },
          {
            "_id": null,
            "model": "ontap select deploy",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "m10-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp3070"
          },
          {
            "_id": null,
            "model": "host agent",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "core rdbms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.0.2"
          },
          {
            "_id": null,
            "model": "snapdrive",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications ip service activator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.3.4"
          },
          {
            "_id": null,
            "model": "service processor",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "paloaltonetworks",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "core rdbms",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "11.2.0.4"
          },
          {
            "_id": null,
            "model": "m12-1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "xcp2361"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "paloaltonetworks",
            "version": "7.0.15"
          },
          {
            "_id": null,
            "model": "oncommand workflow automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "paloaltonetworks",
            "version": "6.1.17"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.56"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "1.0.2b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "1.0.2a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "1.0.2c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "openssl",
            "version": "1.0.2d"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "16.10"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "jboss web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jboss core services on rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "70"
          },
          {
            "_id": null,
            "model": "jboss core services on rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "60"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.15"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.14"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.13"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.12"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.10"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.5"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.9"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.8"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.7"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2h",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1u",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1t",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1s",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1r",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1k",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1j",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1i",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1h",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1e",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1d",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.1a",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zh",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zg",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zf",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8ze",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zd",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zc",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8zb",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8za",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8y",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8x"
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8w",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8u",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8t",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8s",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8r",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8q",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8p",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8o",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8n",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8m",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8l",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8g",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 0.9.8f",
            "scope": null,
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8v"
          },
          {
            "_id": null,
            "model": "vios",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.4"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.3"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.8.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.6.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.9.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.8.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.7.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.6.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.3"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.2.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3.10.0"
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.0.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.1"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.3"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.2"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.1"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.4"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.3"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.2"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.1"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.9"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.8"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.6"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.5"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.4"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.3"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.2"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.10"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.1"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.9"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.8"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.7"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.6"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.5"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.13"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.12"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.11"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.10"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.9"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.8"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.16"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.15"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.14"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.13"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.12"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.11"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.10"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "pan-os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "paloaltonetworks",
            "version": "7.0.16"
          },
          {
            "_id": null,
            "model": "project openssl 1.1.0b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl 1.0.2j",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": "sterling connect:direct for unix 4.1.0.4.ifix085",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "netezza host management",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.9.0"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2.2"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.4"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0.5"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0.11"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0.14"
          },
          {
            "_id": null,
            "model": "datapower gateways",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.17"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "93841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Shi Lei from Gear Team, Qihoo 360 Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "93841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8610",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8610",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97430",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8610",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8610",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201610-726",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97430",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-8610",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2017:0286-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0286.html\nIssue date:        2017-02-20\nCVE Names:         CVE-2016-8610 CVE-2017-3731 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* An integer underflow leading to an out of bounds read flaw was found in\nOpenSSL. \n(CVE-2016-8610)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-static-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-static-1.0.1e-60.el7_3.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2017-3731\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv/20170126.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYqs1TXlSAg2UNWIIRAt7bAJ0ZCDFTFcNP3/qrBxA46aRJQAvxkACaA9Ak\n1zK4rWazcUYTZw5zQhD4SXA=\n=I+Z7\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nCVE-2016-8610\n\n    It was discovered that no limit was imposed on alert packets during\n    an SSL handshake. \n\nCVE-2017-3731\n\n    Robert Swiecki discovered that the RC4-MD5 cipher when running on\n    32 bit systems could be forced into an out-of-bounds read, resulting\n    in denial of service. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u6. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0d-1 of the openssl source package and in version 1.0.2k-1\nof the openssl1.0 source package. \n\nWe recommend that you upgrade your openssl packages. 6) - i386, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\ngnutls (2.12.23). \n(CVE-2016-8610)\n\n* Multiple flaws were found in the way gnutls processed OpenPGP\ncertificates. An attacker could create specially crafted OpenPGP\ncertificates which, when parsed by gnutls, would cause it to crash. Bugs fixed (https://bugzilla.redhat.com/):\n\n1320982 - ASSERT failure in gnutls-cli-debug\n1321112 - DHE_DSS ciphers don\u0027t work with client certificates and OpenSSL using TLSv1.2\n1323215 - gnutls-serv --http crashes with client certificates with NSS client\n1326073 - GnuTLS prefers SHA-1 signatures in TLSv1.2\n1326389 - GnuTLS server does not accept SHA-384 and SHA-512 Certificate Verify signatures despite advertising support for them\n1326886 - GnuTLS server rejects connections that do not advertise support for SHA-1 signature algorithms\n1327656 - gnutls-serv: closing connection without sending an Alert message\n1328205 - gnutls-cli won\u0027t send certificates that don\u0027t match hashes in Certificate Request\n1333521 - Provide ability to set the expected server name in gnutls-serv utility\n1335924 - gnutls: Disable TLS connections with less than 1024-bit DH parameters\n1337460 - Disable/remove export ciphersuites in GnuTLS\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c\n1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate\n1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid\n1415682 - Changes introduced by rebase to 2.12.23 break API and ABI compatibility for some libraries\n\n6. \n===========================================================================\nUbuntu Security Notice USN-3183-2\nMarch 20, 2017\n\ngnutls26 vulnerability\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nGnuTLS could be made to hang if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- gnutls26: GNU TLS library\n\nDetails:\n\nUSN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu\n16.10. This update provides the corresponding update for Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. \n\nOriginal advisory details:\n\n Stefan Buehler discovered that GnuTLS incorrectly verified the serial\n length of OCSP responses. This issue only applied\n to Ubuntu 16.04 LTS. (CVE-2016-7444)\n  Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in\n Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)\n  It was discovered that GnuTLS incorrectly decoded X.509 certificates with a\n Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS\n and Ubuntu 16.10. (CVE-2017-5334)\n  It was discovered that GnuTLS incorrectly handled certain OpenPGP\n certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libgnutls26                     2.12.23-12ubuntu2.7\n\nUbuntu 12.04 LTS:\n  libgnutls26                     2.12.14-5ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          },
          {
            "db": "BID",
            "id": "93841"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610"
          },
          {
            "db": "PACKETSTORM",
            "id": "141173"
          },
          {
            "db": "PACKETSTORM",
            "id": "142848"
          },
          {
            "db": "PACKETSTORM",
            "id": "143874"
          },
          {
            "db": "PACKETSTORM",
            "id": "140781"
          },
          {
            "db": "PACKETSTORM",
            "id": "141752"
          },
          {
            "db": "PACKETSTORM",
            "id": "141708"
          },
          {
            "db": "PACKETSTORM",
            "id": "140890"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8610",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "93841",
            "trust": 2.1
          },
          {
            "db": "SECTRACK",
            "id": "1037084",
            "trust": 1.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2173",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "141173",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "141752",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-92490",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97430",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "142848",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "143874",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140781",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141708",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140890",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610"
          },
          {
            "db": "BID",
            "id": "93841"
          },
          {
            "db": "PACKETSTORM",
            "id": "141173"
          },
          {
            "db": "PACKETSTORM",
            "id": "142848"
          },
          {
            "db": "PACKETSTORM",
            "id": "143874"
          },
          {
            "db": "PACKETSTORM",
            "id": "140781"
          },
          {
            "db": "PACKETSTORM",
            "id": "141752"
          },
          {
            "db": "PACKETSTORM",
            "id": "141708"
          },
          {
            "db": "PACKETSTORM",
            "id": "140890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          }
        ]
      },
      "id": "VAR-201711-0007",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          }
        ],
        "trust": 0.40555555
      },
      "last_update_date": "2026-03-09T20:19:58.494000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=65089"
          },
          {
            "title": "Red Hat: Moderate: openssl security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170286 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171659 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170574 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171658 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171414 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171415 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171413 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-3773-1 openssl -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031"
          },
          {
            "title": "Red Hat: CVE-2016-8610",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-8610"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2017-803",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-803"
          },
          {
            "title": "Ubuntu Security Notice: gnutls26 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3183-2"
          },
          {
            "title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3183-1"
          },
          {
            "title": "Ubuntu Security Notice: openssl vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3181-1"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171801 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171802 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2017-815",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-815"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
          },
          {
            "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66"
          },
          {
            "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
          },
          {
            "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
          },
          {
            "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85"
          },
          {
            "title": "CVE-2016-8610-PoC",
            "trust": 0.1,
            "url": "https://github.com/cujanovic/CVE-2016-8610-PoC "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-8610"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-399",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/93841"
          },
          {
            "trust": 2.1,
            "url": "http://seclists.org/oss-sec/2016/q4/224"
          },
          {
            "trust": 1.9,
            "url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html"
          },
          {
            "trust": 1.9,
            "url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2017:1413"
          },
          {
            "trust": 1.9,
            "url": "https://access.redhat.com/errata/rhsa-2017:2493"
          },
          {
            "trust": 1.8,
            "url": "http://www.securitytracker.com/id/1037084"
          },
          {
            "trust": 1.8,
            "url": "https://www.debian.org/security/2017/dsa-3773"
          },
          {
            "trust": 1.8,
            "url": "https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:1414"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:1658"
          },
          {
            "trust": 1.8,
            "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:1801"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:1802"
          },
          {
            "trust": 1.8,
            "url": "https://access.redhat.com/errata/rhsa-2017:2494"
          },
          {
            "trust": 1.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610"
          },
          {
            "trust": 1.8,
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
          },
          {
            "trust": 1.8,
            "url": "https://security.360.cn/cve/cve-2016-8610/"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
          },
          {
            "trust": 1.8,
            "url": "https://security.paloaltonetworks.com/cve-2016-8610"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "trust": 1.7,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us"
          },
          {
            "trust": 0.9,
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
          },
          {
            "trust": 0.9,
            "url": "https://securityadvisories.paloaltonetworks.com/home/detail/87"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
          },
          {
            "trust": 0.6,
            "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2173/"
          },
          {
            "trust": 0.4,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2016-8610"
          },
          {
            "trust": 0.4,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.3,
            "url": "http://openssl.org/"
          },
          {
            "trust": 0.3,
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2016-6304"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5337"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5336"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5335"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5334"
          },
          {
            "trust": 0.2,
            "url": "http://www.ubuntu.com/usn/usn-3183-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7444"
          },
          {
            "trust": 0.1,
            "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/400.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/cujanovic/cve-2016-8610-poc"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/3183-2/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-3731"
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8740"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-0736"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-8743"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-7056"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2016-2161"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5664"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5647"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/3155411"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5337"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5336"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.9_release_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.9_technical_notes/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2017-5335"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.7"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-3183-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.14"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.6"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls28/3.5.3-5ubuntu1.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.13"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97430"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610"
          },
          {
            "db": "BID",
            "id": "93841"
          },
          {
            "db": "PACKETSTORM",
            "id": "141173"
          },
          {
            "db": "PACKETSTORM",
            "id": "142848"
          },
          {
            "db": "PACKETSTORM",
            "id": "143874"
          },
          {
            "db": "PACKETSTORM",
            "id": "140781"
          },
          {
            "db": "PACKETSTORM",
            "id": "141752"
          },
          {
            "db": "PACKETSTORM",
            "id": "141708"
          },
          {
            "db": "PACKETSTORM",
            "id": "140890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97430",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8610",
            "ident": null
          },
          {
            "db": "BID",
            "id": "93841",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141173",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "142848",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "143874",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140781",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141752",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141708",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140890",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8610",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-11-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97430",
            "ident": null
          },
          {
            "date": "2017-11-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8610",
            "ident": null
          },
          {
            "date": "2016-10-24T00:00:00",
            "db": "BID",
            "id": "93841",
            "ident": null
          },
          {
            "date": "2017-02-20T22:47:10",
            "db": "PACKETSTORM",
            "id": "141173",
            "ident": null
          },
          {
            "date": "2017-06-07T22:47:57",
            "db": "PACKETSTORM",
            "id": "142848",
            "ident": null
          },
          {
            "date": "2017-08-22T05:29:02",
            "db": "PACKETSTORM",
            "id": "143874",
            "ident": null
          },
          {
            "date": "2017-01-30T16:58:54",
            "db": "PACKETSTORM",
            "id": "140781",
            "ident": null
          },
          {
            "date": "2017-03-21T14:50:40",
            "db": "PACKETSTORM",
            "id": "141752",
            "ident": null
          },
          {
            "date": "2017-03-20T23:36:43",
            "db": "PACKETSTORM",
            "id": "141708",
            "ident": null
          },
          {
            "date": "2017-02-02T02:05:34",
            "db": "PACKETSTORM",
            "id": "140890",
            "ident": null
          },
          {
            "date": "2016-10-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-726",
            "ident": null
          },
          {
            "date": "2017-11-13T22:29:00.203000",
            "db": "NVD",
            "id": "CVE-2016-8610",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-02-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97430",
            "ident": null
          },
          {
            "date": "2023-02-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8610",
            "ident": null
          },
          {
            "date": "2017-08-22T08:11:00",
            "db": "BID",
            "id": "93841",
            "ident": null
          },
          {
            "date": "2023-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-726",
            "ident": null
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8610",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "141173"
          },
          {
            "db": "PACKETSTORM",
            "id": "141752"
          },
          {
            "db": "PACKETSTORM",
            "id": "141708"
          },
          {
            "db": "PACKETSTORM",
            "id": "140890"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "OpenSSL Resource Management Error Vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-726"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202001-1866

    Vulnerability from variot - Updated: 2026-03-09 20:18

    xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. It exists that libxml2 incorrectly handled certain XML files. (CVE-2019-19956, CVE-2020-7595). Bugs fixed (https://bugzilla.redhat.com/):

    1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values


    1. Gentoo Linux Security Advisory GLSA 202010-04

                                           https://security.gentoo.org/
    

    Severity: Normal Title: libxml2: Multiple vulnerabilities Date: October 20, 2020 Bugs: #710748 ID: 202010-04


    Synopsis

    Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.

    Background

    libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/libxml2 < 2.9.10 >= 2.9.10

    Description

    Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All libxml2 users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.10"

    References

    [ 1 ] CVE-2019-20388 https://nvd.nist.gov/vuln/detail/CVE-2019-20388 [ 2 ] CVE-2020-7595 https://nvd.nist.gov/vuln/detail/CVE-2020-7595

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202010-04

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

    . The compliance-operator image updates are now available for OpenShift Container Platform 4.6.

    Bug Fix(es):

    • Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)

    • The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)

    • The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)

    • [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)

    • The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)

    • Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081)

    • [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)

    • Solution:

    For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

    https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html

    Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

    1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup

    1. Description:

    Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.

    This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

    1. Solution:

    For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

    1. Description:

    Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks.

    The advisory addresses the following issues:

    • Re-release of odo-init-image 1.1.3 for security updates

    • Solution:

    Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):

    1832983 - Release of 1.1.3 odo-init-image

    1. 8) - aarch64, ppc64le, s390x, x86_64

    2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Moderate: libxml2 security and bug fix update Advisory ID: RHSA-2020:3996-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3996 Issue date: 2020-09-29 CVE Names: CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 ==================================================================== 1. Summary:

    An update for libxml2 is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

    1. Description:

    The libxml2 library is a development toolbox providing the implementation of various XML standards.

    Security Fix(es):

    • libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)

    • libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)

    • libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    The desktop must be restarted (log out, then log back in) for this update to take effect.

    1. Package List:

    Red Hat Enterprise Linux Client (v. 7):

    Source: libxml2-2.9.1-6.el7.5.src.rpm

    x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux Client Optional (v. 7):

    x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode (v. 7):

    Source: libxml2-2.9.1-6.el7.5.src.rpm

    x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux ComputeNode Optional (v. 7):

    x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 7):

    Source: libxml2-2.9.1-6.el7.5.src.rpm

    ppc64: libxml2-2.9.1-6.el7.5.ppc.rpm libxml2-2.9.1-6.el7.5.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm libxml2-devel-2.9.1-6.el7.5.ppc.rpm libxml2-devel-2.9.1-6.el7.5.ppc64.rpm libxml2-python-2.9.1-6.el7.5.ppc64.rpm

    ppc64le: libxml2-2.9.1-6.el7.5.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm libxml2-devel-2.9.1-6.el7.5.ppc64le.rpm libxml2-python-2.9.1-6.el7.5.ppc64le.rpm

    s390x: libxml2-2.9.1-6.el7.5.s390.rpm libxml2-2.9.1-6.el7.5.s390x.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm libxml2-devel-2.9.1-6.el7.5.s390.rpm libxml2-devel-2.9.1-6.el7.5.s390x.rpm libxml2-python-2.9.1-6.el7.5.s390x.rpm

    x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux Server Optional (v. 7):

    ppc64: libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm libxml2-static-2.9.1-6.el7.5.ppc.rpm libxml2-static-2.9.1-6.el7.5.ppc64.rpm

    ppc64le: libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm libxml2-static-2.9.1-6.el7.5.ppc64le.rpm

    s390x: libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm libxml2-static-2.9.1-6.el7.5.s390.rpm libxml2-static-2.9.1-6.el7.5.s390x.rpm

    x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux Workstation (v. 7):

    Source: libxml2-2.9.1-6.el7.5.src.rpm

    x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm

    Red Hat Enterprise Linux Workstation Optional (v. 7):

    x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBX3OgG9zjgjWX9erEAQg9vhAAiDkPkj6VlpMKDvgVUY4eU83p4bCnZqos e9kVjDMJrHdYR5iXXc665LOYBG0yyDGdvVLeqxjI9S11UDypRyzy641kwBY6eCru 0yaA88aZ4YpQyIARmmK7cIMFe6JRWHOkEsOfMCtjpbkGLteXdzfUFgJnlRFB0Dai OVrZH3kGb5EbKvJGcWY7cqv5jQhpy802a4EhpHQ1q6vFAbO7D1T6vJlCyP0+ba5N ZoMyrCFWaX5TUjiwFkuyAiSZYyPyxo0+dhqgJaSU44BH4p5imV7c1oh10U7/7k+O Y30M2uLOuArD1ad0t2d23EVr8mRKUr+agoLWC8Pwuq2worTArE/395GKXv2Yvtv9 YCvvCNFIcnG5GaJloqhXkTZM2pCr0+n90WLrNZ0suPArycHU74ROfBNErWegvq2e gpFLyu3S1mpjcBG19Gjg1qgh7FKg57s7PbNzcETK5ParBQeZ4dHHpcr9voP52tYD SJ9ILV9unM5jya5Uwooa6GOFGistLQLntZd22zDcPahu0FxvQlyZFV4oInF0m/7h e/h8NgSwyJKNenZATlsOGmjdcMh95Unztu4bfK8S20/Ej8F/B2PE4Kxha2s0bxsC b9fFKBOIdTCeFi2lTyrctEGQl9ksrW/Va6+uQwe5lKQldwhB3of9QolUu7ud+gdx COt/fBH012Y=udpL -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:

    See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0

    5

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "18.04"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "31"
          },
          {
            "_id": null,
            "model": "libxml2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "xmlsoft",
            "version": "2.9.10"
          },
          {
            "_id": null,
            "model": "enterprise manager ops center",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.4.0.0"
          },
          {
            "_id": null,
            "model": "real user experience insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.3.1.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "19.10"
          },
          {
            "_id": null,
            "model": "mysql workbench",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "14.04"
          },
          {
            "_id": null,
            "model": "h410c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.0.0"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "real user experience insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.5.1.0"
          },
          {
            "_id": null,
            "model": "enterprise manager base platform",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.5.0.0"
          },
          {
            "_id": null,
            "model": "symantec netbackup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "steelstore cloud integrated storage",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "30"
          },
          {
            "_id": null,
            "model": "snapdrive",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "16.04"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "smi-s provider",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "real user experience insight",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4.1.0"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "communications cloud native core network function cloud native environment",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "1.10.0"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "12.04"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "162694"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "161016"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "PACKETSTORM",
            "id": "159851"
          },
          {
            "db": "PACKETSTORM",
            "id": "159349"
          },
          {
            "db": "PACKETSTORM",
            "id": "160961"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          }
        ],
        "trust": 1.5
      },
      "cve": "CVE-2020-7595",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-7595",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-185720",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-7595",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-7595",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2020-7595",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202001-965",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-185720",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-7595",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. It exists that libxml2 incorrectly handled certain XML files. \n(CVE-2019-19956, CVE-2020-7595). Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202010-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libxml2: Multiple vulnerabilities\n     Date: October 20, 2020\n     Bugs: #710748\n       ID: 202010-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit\ninitially developed for the Gnome project. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/libxml2             \u003c 2.9.10                  \u003e= 2.9.10\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.9.10\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-20388\n      https://nvd.nist.gov/vuln/detail/CVE-2019-20388\n[ 2 ] CVE-2020-7595\n      https://nvd.nist.gov/vuln/detail/CVE-2020-7595\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202010-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \nThe compliance-operator image updates are now available for OpenShift\nContainer Platform 4.6. \n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile\n(BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4\nprofiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although\nthe status of all rules shows Applied in ComplianceRemediations object\n(BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get\nremoved after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error\n\"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator\nstartup (BZ#1909122)\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1899479 - Aggregator pod tries to parse ConfigMaps without results\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902251 - The compliancesuite object returns error with ocp4-cis tailored profile\n1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object\n1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object\n1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator\n1909081 - Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\"\n1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup\n\n5. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with container images for Red Hat 3scale\nAPI Management 2.10.0. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nRed Hat OpenShift Do (odo) is a simple CLI tool for developers to create,\nbuild, and deploy applications on OpenShift. The odo tool is completely\nclient-based and requires no server within the OpenShift cluster for\ndeployment. It detects changes to local code and deploys it to the cluster\nautomatically, giving instant feedback to validate changes in real-time. It\nsupports multiple programming languages and frameworks. \n\nThe advisory addresses the following issues:\n\n* Re-release of odo-init-image 1.1.3 for security updates\n\n3. Solution:\n\nDownload and install a new CLI binary by following the instructions linked\nfrom the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1832983 - Release of 1.1.3 odo-init-image\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: libxml2 security and bug fix update\nAdvisory ID:       RHSA-2020:3996-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3996\nIssue date:        2020-09-29\nCVE Names:         CVE-2019-19956 CVE-2019-20388 CVE-2020-7595\n====================================================================\n1. Summary:\n\nAn update for libxml2 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSecurity Fix(es):\n\n* libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c\n(CVE-2019-19956)\n\n* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file\nsituations (CVE-2020-7595)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update\nto take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7.5.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7.5.i686.rpm\nlibxml2-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-python-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7.5.i686.rpm\nlibxml2-devel-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-static-2.9.1-6.el7.5.i686.rpm\nlibxml2-static-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7.5.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7.5.i686.rpm\nlibxml2-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-python-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7.5.i686.rpm\nlibxml2-devel-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-static-2.9.1-6.el7.5.i686.rpm\nlibxml2-static-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7.5.src.rpm\n\nppc64:\nlibxml2-2.9.1-6.el7.5.ppc.rpm\nlibxml2-2.9.1-6.el7.5.ppc64.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm\nlibxml2-devel-2.9.1-6.el7.5.ppc.rpm\nlibxml2-devel-2.9.1-6.el7.5.ppc64.rpm\nlibxml2-python-2.9.1-6.el7.5.ppc64.rpm\n\nppc64le:\nlibxml2-2.9.1-6.el7.5.ppc64le.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm\nlibxml2-devel-2.9.1-6.el7.5.ppc64le.rpm\nlibxml2-python-2.9.1-6.el7.5.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.1-6.el7.5.s390.rpm\nlibxml2-2.9.1-6.el7.5.s390x.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm\nlibxml2-devel-2.9.1-6.el7.5.s390.rpm\nlibxml2-devel-2.9.1-6.el7.5.s390x.rpm\nlibxml2-python-2.9.1-6.el7.5.s390x.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7.5.i686.rpm\nlibxml2-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7.5.i686.rpm\nlibxml2-devel-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-python-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm\nlibxml2-static-2.9.1-6.el7.5.ppc.rpm\nlibxml2-static-2.9.1-6.el7.5.ppc64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm\nlibxml2-static-2.9.1-6.el7.5.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.1-6.el7.5.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm\nlibxml2-static-2.9.1-6.el7.5.s390.rpm\nlibxml2-static-2.9.1-6.el7.5.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-static-2.9.1-6.el7.5.i686.rpm\nlibxml2-static-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7.5.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7.5.i686.rpm\nlibxml2-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7.5.i686.rpm\nlibxml2-devel-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-python-2.9.1-6.el7.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7.5.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm\nlibxml2-static-2.9.1-6.el7.5.i686.rpm\nlibxml2-static-2.9.1-6.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OgG9zjgjWX9erEAQg9vhAAiDkPkj6VlpMKDvgVUY4eU83p4bCnZqos\ne9kVjDMJrHdYR5iXXc665LOYBG0yyDGdvVLeqxjI9S11UDypRyzy641kwBY6eCru\n0yaA88aZ4YpQyIARmmK7cIMFe6JRWHOkEsOfMCtjpbkGLteXdzfUFgJnlRFB0Dai\nOVrZH3kGb5EbKvJGcWY7cqv5jQhpy802a4EhpHQ1q6vFAbO7D1T6vJlCyP0+ba5N\nZoMyrCFWaX5TUjiwFkuyAiSZYyPyxo0+dhqgJaSU44BH4p5imV7c1oh10U7/7k+O\nY30M2uLOuArD1ad0t2d23EVr8mRKUr+agoLWC8Pwuq2worTArE/395GKXv2Yvtv9\nYCvvCNFIcnG5GaJloqhXkTZM2pCr0+n90WLrNZ0suPArycHU74ROfBNErWegvq2e\ngpFLyu3S1mpjcBG19Gjg1qgh7FKg57s7PbNzcETK5ParBQeZ4dHHpcr9voP52tYD\nSJ9ILV9unM5jya5Uwooa6GOFGistLQLntZd22zDcPahu0FxvQlyZFV4oInF0m/7h\ne/h8NgSwyJKNenZATlsOGmjdcMh95Unztu4bfK8S20/Ej8F/B2PE4Kxha2s0bxsC\nb9fFKBOIdTCeFi2lTyrctEGQl9ksrW/Va6+uQwe5lKQldwhB3of9QolUu7ud+gdx\nCOt/fBH012Y=udpL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.6/html/serverless_applications/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time\n1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time\n1906381 - Release of OpenShift Serverless Serving 1.12.0\n1906382 - Release of OpenShift Serverless Eventing 1.12.0\n\n5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          },
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595"
          },
          {
            "db": "PACKETSTORM",
            "id": "162694"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159639"
          },
          {
            "db": "PACKETSTORM",
            "id": "161016"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "PACKETSTORM",
            "id": "159851"
          },
          {
            "db": "PACKETSTORM",
            "id": "159349"
          },
          {
            "db": "PACKETSTORM",
            "id": "160961"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-7595",
            "trust": 2.8
          },
          {
            "db": "SIEMENS",
            "id": "SSA-292794",
            "trust": 1.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-103-08",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159851",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159349",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "161916",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "162694",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "159639",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0584",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.3732",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1207",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3535",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.2604",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1744",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0902",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4513",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1242",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1727",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3364",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1564",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2162",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1826",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0234",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3631",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0864",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0471",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0845",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3868",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0986",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.3550",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0691",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3248",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.4100",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3102",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0319",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.1193",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0171",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.3072",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.0099",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1638",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4058",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "158168",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041514",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021091331",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021052216",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072097",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021111735",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-04827",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-185720",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161016",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "159553",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "160961",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595"
          },
          {
            "db": "PACKETSTORM",
            "id": "162694"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159639"
          },
          {
            "db": "PACKETSTORM",
            "id": "161016"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "PACKETSTORM",
            "id": "159851"
          },
          {
            "db": "PACKETSTORM",
            "id": "159349"
          },
          {
            "db": "PACKETSTORM",
            "id": "160961"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          }
        ]
      },
      "id": "VAR-202001-1866",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T20:18:55.809000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "libxml2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=109237"
          },
          {
            "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2020-7595",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8128495aba3a49b2f3e0b9ee0e8401af"
          },
          {
            "title": "Ubuntu Security Notice: libxml2 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4274-1"
          },
          {
            "title": "Red Hat: Moderate: libxml2 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204479 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: libxml2 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203996 - Security Advisory"
          },
          {
            "title": "Arch Linux Issues: ",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-7595 log"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202646 - Security Advisory"
          },
          {
            "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202644 - Security Advisory"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2020-1438",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1438"
          },
          {
            "title": "Arch Linux Advisories: [ASA-202011-15] libxml2: multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202011-15"
          },
          {
            "title": "Amazon Linux 2: ALAS2-2020-1534",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1534"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0d160980ab72db34060d62c89304b6f2"
          },
          {
            "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.11.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205149 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.12.0",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210146 - Security Advisory"
          },
          {
            "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210190 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210436 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210050 - Security Advisory"
          },
          {
            "title": "IBM: Security Bulletin:  IBM Security Guardium is affected by multiple vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3201548b0e11fd3ecd83fd36fc045a8e"
          },
          {
            "title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205605 - Security Advisory"
          },
          {
            "title": "Siemens Security Advisories: Siemens Security Advisory",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2020-7595"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-835",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.5,
            "url": "https://usn.ubuntu.com/4274-1/"
          },
          {
            "trust": 2.4,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"
          },
          {
            "trust": 2.4,
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "trust": 1.9,
            "url": "https://security.gentoo.org/glsa/202010-04"
          },
          {
            "trust": 1.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
          },
          {
            "trust": 1.8,
            "url": "https://security.netapp.com/advisory/ntap-20200702-0005/"
          },
          {
            "trust": 1.8,
            "url": "https://gitlab.gnome.org/gnome/libxml2/commit/0e1a49c89076"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.8,
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"
          },
          {
            "trust": 1.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-7595"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545spoi3zppnpx4tfrive4jvrtjrkull/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/"
          },
          {
            "trust": 1.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/"
          },
          {
            "trust": 1.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
          },
          {
            "trust": 1.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-20388"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/cve/cve-2019-19956"
          },
          {
            "trust": 0.9,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
          },
          {
            "trust": 0.9,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.8,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545spoi3zppnpx4tfrive4jvrtjrkull/"
          },
          {
            "trust": 0.7,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2018-20843"
          },
          {
            "trust": 0.7,
            "url": "https://access.redhat.com/security/cve/cve-2019-15903"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6455281"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0902/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3248/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021052216"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2162/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1727"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-libxml2-vulnerabilities-cve-2019-19956-cve-2019-20388-cve-2020-7595/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0171/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.3072"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4100/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6520474"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0691"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/162694/red-hat-security-advisory-2021-2021-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0099/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1638/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/libxml2-infinite-loop-via-xmlstringlendecodeentities-31396"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3868/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1744"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072097"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/158168/red-hat-security-advisory-2020-2646-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021111735"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0471/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.4513/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0234/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0584"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1564/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159349/red-hat-security-advisory-2020-3996-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021091331"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159851/red-hat-security-advisory-2020-4479-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.1242"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041514"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1826/"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/159639/gentoo-linux-security-advisory-202010-04.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3102/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.3550"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3364/"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2019-20907"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2020-1971"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12401"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17006"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-6829"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-14866"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-8177"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12403"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11756"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12243"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12400"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5188"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-5094"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2019-17498"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2020-12402"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20454"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-16168"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-9327"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-13630"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20387"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-13050"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-14889"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-1730"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-16935"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-19906"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-13627"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-19221"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-6405"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-13631"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-5018"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-13632"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-14422"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2019-20218"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-8492"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-20916"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2017-12652"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-17546"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-14973"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-5313"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-1751"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-24659"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-1752"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-10029"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2019-19126"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/835.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20305"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3114"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:2021"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3449"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1079"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20228"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3156"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3447"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20191"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20180"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20178"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9925"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9802"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9895"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0190"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-15165"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14382"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8812"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3899"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8819"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3867"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9893"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8808"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3902"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18197"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3900"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9805"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8820"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8769"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9850"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8811"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9803"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-1551"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3885"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-17450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-15503"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-10018"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8835"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8764"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8844"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3865"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3864"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14391"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3862"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3901"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8823"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3895"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-11793"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8816"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9843"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8771"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3897"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9806"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8814"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8743"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9915"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8815"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8783"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20807"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27813"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-11068"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8766"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3868"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8846"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-3894"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-8782"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25211"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:1129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25645"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25656"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28374"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25705"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-29661"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20265"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14351"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-12723"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-7053"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-9283"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-20386"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-18874"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4255"
          },
          {
            "trust": 0.1,
            "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-14822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-14365"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-5482"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2019-12450"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#low"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0949"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:4479"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2020:3996"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1752"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0146"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-24553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24659"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1751"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28366"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28362"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28366"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28367"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-28367"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-185720"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595"
          },
          {
            "db": "PACKETSTORM",
            "id": "162694"
          },
          {
            "db": "PACKETSTORM",
            "id": "162142"
          },
          {
            "db": "PACKETSTORM",
            "id": "159639"
          },
          {
            "db": "PACKETSTORM",
            "id": "161016"
          },
          {
            "db": "PACKETSTORM",
            "id": "162130"
          },
          {
            "db": "PACKETSTORM",
            "id": "159553"
          },
          {
            "db": "PACKETSTORM",
            "id": "161916"
          },
          {
            "db": "PACKETSTORM",
            "id": "159851"
          },
          {
            "db": "PACKETSTORM",
            "id": "159349"
          },
          {
            "db": "PACKETSTORM",
            "id": "160961"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-185720",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-7595",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162694",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159639",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161016",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "162130",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159553",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161916",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159851",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "159349",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "160961",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2020-7595",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2020-01-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-185720",
            "ident": null
          },
          {
            "date": "2020-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-7595",
            "ident": null
          },
          {
            "date": "2021-05-19T14:19:18",
            "db": "PACKETSTORM",
            "id": "162694",
            "ident": null
          },
          {
            "date": "2021-04-09T15:06:13",
            "db": "PACKETSTORM",
            "id": "162142",
            "ident": null
          },
          {
            "date": "2020-10-20T20:13:39",
            "db": "PACKETSTORM",
            "id": "159639",
            "ident": null
          },
          {
            "date": "2021-01-19T14:45:45",
            "db": "PACKETSTORM",
            "id": "161016",
            "ident": null
          },
          {
            "date": "2021-04-08T14:00:00",
            "db": "PACKETSTORM",
            "id": "162130",
            "ident": null
          },
          {
            "date": "2020-10-14T16:52:18",
            "db": "PACKETSTORM",
            "id": "159553",
            "ident": null
          },
          {
            "date": "2021-03-22T15:36:55",
            "db": "PACKETSTORM",
            "id": "161916",
            "ident": null
          },
          {
            "date": "2020-11-04T15:29:08",
            "db": "PACKETSTORM",
            "id": "159851",
            "ident": null
          },
          {
            "date": "2020-09-30T15:43:22",
            "db": "PACKETSTORM",
            "id": "159349",
            "ident": null
          },
          {
            "date": "2021-01-15T15:06:55",
            "db": "PACKETSTORM",
            "id": "160961",
            "ident": null
          },
          {
            "date": "2020-01-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-965",
            "ident": null
          },
          {
            "date": "2020-01-21T23:15:13.867000",
            "db": "NVD",
            "id": "CVE-2020-7595",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2022-07-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-185720",
            "ident": null
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-7595",
            "ident": null
          },
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202001-965",
            "ident": null
          },
          {
            "date": "2025-12-03T16:15:54.123000",
            "db": "NVD",
            "id": "CVE-2020-7595",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "libxml2 Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202001-965"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202108-2221

    Vulnerability from variot - Updated: 2026-03-09 20:13

    curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. cURL Exists in the use of uninitialized resources.Information may be obtained. Summary:

    An update is now available for OpenShift Logging 5.1. Solution:

    For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:

    https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

    For Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:

    https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value


    1. Gentoo Linux Security Advisory GLSA 202212-01

                                           https://security.gentoo.org/
    

    Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01


    Synopsis

    Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

    Background

    A command line tool and library for transferring data with URLs.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 net-misc/curl < 7.86.0 >= 7.86.0

    Description

    Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

    Impact

    Please review the referenced CVE identifiers for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All curl users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"

    References

    [ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202212-01

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5 . Description:

    Gatekeeper Operator v0.2

    Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.

    This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

    Security updates:

    • golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

    • golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)

    • Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:

      • Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has installPlanApproval set to Automatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for installPlanApproval to manual, then you must view each cluster to manually approve the upgrade to the operator.
      • Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Bugs fixed (https://bugzilla.redhat.com/):

    2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements

    1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

    macOS Big Sur 11.6 addresses the following issues.

    CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab

    CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021

    CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021

    CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-22925 Entry added September 20, 2021

    CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021

    FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021

    Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. Entry added September 20, 2021

    ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021

    Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021

    libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021

    Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021

    Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021

    SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

    SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

    WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30858: an anonymous researcher

    Additional recognition

    APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021

    App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021

    CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021

    CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021

    Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021

    Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021

    smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021

    Installation note:

    This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

    Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----

    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 =====================================================================

    1. Summary:

    Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).

    Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Description:

    The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:

    OpenShift Dedicated support

    RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.

    1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.

    2. Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.

    3. Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.

    Security Fix(es):

    • civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)

    • nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)

    • nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)

    • golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

    • helm: information disclosure vulnerability (CVE-2021-32690)

    • golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)

    • nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Bug Fixes The release of RHACS 3.67 includes the following bug fixes:

    1. Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.

    2. Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.

    System changes The release of RHACS 3.67 includes the following system changes:

    1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
    2. The Port exposure method policy criteria now include route as an exposure method.
    3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.
    4. The OpenShift Compliance Operator integration now supports using TailoredProfiles.
    5. The RHACS Jenkins plugin now provides additional security information.
    6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.
    7. The default uid:gid pair for the Scanner image is now 65534:65534.
    8. RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.
    9. If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.
    10. In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode.
    11. You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
    12. You can now use a regular expression for the deployment name while specifying policy exclusions

    13. Solution:

    To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67.

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API

    1. JIRA issues fixed (https://issues.jboss.org/):

    RHACS-65 - Release RHACS 3.67.0

    1. References:

    https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:

    The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:

    The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

    Security Fix(es):

    • nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)

    • mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:

    For details on how to install and use MTC, refer to:

    https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

    1. Bugs fixed (https://bugzilla.redhat.com/):

    2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

    1. Solution:

    See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

    4

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "h300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h410s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "h700s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.3.1"
          },
          {
            "_id": null,
            "model": "sinema remote connect server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.6"
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "1.0.1.1"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.26"
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "universal forwarder",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "splunk",
            "version": "8.2.12"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.58"
          },
          {
            "_id": null,
            "model": "clustered data ontap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.57"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "8.59"
          },
          {
            "_id": null,
            "model": "h500e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "h700e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql server",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5.7.35"
          },
          {
            "_id": null,
            "model": "h300e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.78.0"
          },
          {
            "_id": null,
            "model": "mac os x",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "10.15.7"
          },
          {
            "_id": null,
            "model": "h500s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "haxx",
            "version": "7.7"
          },
          {
            "_id": null,
            "model": "macos",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apple",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "apple mac os x",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c3\u30d7\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "hci management node",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": null,
            "trust": 0.8,
            "vendor": "fedora",
            "version": null
          },
          {
            "_id": null,
            "model": "macos",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c3\u30d7\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "mysql",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e9\u30af\u30eb",
            "version": null
          },
          {
            "_id": null,
            "model": "sinec infrastructure network services",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "_id": null,
            "model": "ontap",
            "scope": null,
            "trust": 0.8,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "curl",
            "scope": null,
            "trust": 0.8,
            "vendor": "haxx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165286"
          },
          {
            "db": "PACKETSTORM",
            "id": "165287"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-22925",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-22925",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-381399",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-22925",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-22925",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-22925",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-22925",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "VULHUB",
                "id": "VHN-381399",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. cURL Exists in the use of uninitialized resources.Information may be obtained. Summary:\n\nAn update is now available for OpenShift Logging 5.1. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: curl: Multiple Vulnerabilities\n     Date: December 19, 2022\n     Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n       ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/curl              \u003c 7.86.0                    \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n      https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n      https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n      https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n      https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n      https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n      https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-7 Additional information for \nAPPLE-SA-2021-09-13-3 macOS Big Sur 11.6\n\nmacOS Big Sur 11.6 addresses the following issues. \n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution. Apple is aware of a report that this issue may have\nbeen actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nEntry added September 20, 2021\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: ACS 3.67 security and enhancement update\nAdvisory ID:       RHSA-2021:4902-01\nProduct:           RHACS\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:4902\nIssue date:        2021-12-01\nCVE Names:         CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n                   CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n                   CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n                   CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 \n                   CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 \n                   CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 \n                   CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 \n                   CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 \n                   CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 \n                   CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 \n                   CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 \n                   CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 \n                   CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 \n                   CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. \n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. \n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP\nform-based file upload mechanism via the mg_handle_form_request API\n(CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. \n\n2. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. \n2. The Port exposure method policy criteria now include route as an\nexposure method. \n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. \n4. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. \n5. The RHACS Jenkins plugin now provides additional security information. \n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. \n7. The default uid:gid pair for the Scanner image is now 65534:65534. \n8. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. \n9. If microdnf is part of an image or shows up in process execution, RHACS\nreports it as a security violation for the Red Hat Package Manager in Image\nor the Red Hat Package Manager Execution security policies. \n10. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-27304\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3801\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-32690\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-39293\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr\nKjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w\ntKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e\nlq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV\nx4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2\ne8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK\nqnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz\nvguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt\nG4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT\nPTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/\npJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN\nT0pPNmsPGZY=\n=ux5P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code\nexecution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Solution:\n\nSee the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\n\n4",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          },
          {
            "db": "PACKETSTORM",
            "id": "165286"
          },
          {
            "db": "PACKETSTORM",
            "id": "165287"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164246"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-22925",
            "trust": 3.6
          },
          {
            "db": "HACKERONE",
            "id": "1223882",
            "trust": 1.9
          },
          {
            "db": "SIEMENS",
            "id": "SSA-389290",
            "trust": 1.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-484086",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91709091",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU99030761",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-069-09",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "165862",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "166489",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165129",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "165096",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165135",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165209",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166051",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166308",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165633",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165002",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164886",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165758",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "166309",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-381399",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165286",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "165287",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164249",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "164246",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          },
          {
            "db": "PACKETSTORM",
            "id": "165286"
          },
          {
            "db": "PACKETSTORM",
            "id": "165287"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164246"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          }
        ]
      },
      "id": "VAR-202108-2221",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          }
        ],
        "trust": 0.7003805
      },
      "last_update_date": "2026-03-09T20:13:33.055000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Siemens Siemens\u00a0Security\u00a0Advisory",
            "trust": 0.8,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-908",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "Use of uninitialized resources (CWE-908) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.9,
            "url": "https://hackerone.com/reports/1223882"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
          },
          {
            "trust": 1.2,
            "url": "https://security.gentoo.org/glsa/202212-01"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212804"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212805"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2021/sep/39"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2021/sep/40"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu91709091/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99030761/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3200"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-13435"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-5827"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-24370"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-13751"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-19603"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-17594"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-12762"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36086"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-22898"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-16135"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36084"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3800"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36087"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3445"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-22925"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-20232"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-20838"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-22876"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-20231"
          },
          {
            "trust": 0.6,
            "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2020-14155"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-36085"
          },
          {
            "trust": 0.6,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-33560"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-17595"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-28153"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-13750"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2019-18218"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/cve/cve-2021-3580"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.6,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-27645"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-33574"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-35942"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-20266"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-3712"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/cve/cve-2021-42574"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2020-14145"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23841"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2018-20673"
          },
          {
            "trust": 0.3,
            "url": "https://access.redhat.com/security/cve/cve-2021-23840"
          },
          {
            "trust": 0.3,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25013"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35522"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35524"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-43527"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25014"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25012"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35521"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3572"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3778"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-37136"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-44228"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-17541"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36331"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-31535"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36330"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-36332"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-37137"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-21409"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3481"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25009"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2018-25010"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2020-35523"
          },
          {
            "trust": 0.2,
            "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3426"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-3796"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/kb/ht201222"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
          },
          {
            "trust": 0.2,
            "url": "https://support.apple.com/downloads/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
          },
          {
            "trust": 0.2,
            "url": "https://www.apple.com/support/security/pgp/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-39293"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/cve/cve-2021-29923"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:5128"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-20317"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43267"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:5127"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23219"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:1081"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-24407"
          },
          {
            "trust": 0.1,
            "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3999"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23308"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
          },
          {
            "trust": 0.1,
            "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-43565"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23177"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3521"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2022-23806"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212805."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
          },
          {
            "trust": 0.1,
            "url": "https://support.apple.com/ht212804."
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-23343"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-32690"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3749"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4902"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-27304"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3801"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33938"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3757"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33930"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33928"
          },
          {
            "trust": 0.1,
            "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:4848"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-37750"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-27218"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22947"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3948"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3733"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-33929"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-36222"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-3620"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-22946"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2022:0434"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2021-38297"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-381399"
          },
          {
            "db": "PACKETSTORM",
            "id": "165286"
          },
          {
            "db": "PACKETSTORM",
            "id": "165287"
          },
          {
            "db": "PACKETSTORM",
            "id": "170303"
          },
          {
            "db": "PACKETSTORM",
            "id": "166489"
          },
          {
            "db": "PACKETSTORM",
            "id": "164249"
          },
          {
            "db": "PACKETSTORM",
            "id": "164246"
          },
          {
            "db": "PACKETSTORM",
            "id": "165129"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          },
          {
            "db": "PACKETSTORM",
            "id": "165862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-381399",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165286",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165287",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "166489",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164249",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "164246",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165129",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "165862",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-22925",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381399",
            "ident": null
          },
          {
            "date": "2021-12-15T15:20:33",
            "db": "PACKETSTORM",
            "id": "165286",
            "ident": null
          },
          {
            "date": "2021-12-15T15:20:43",
            "db": "PACKETSTORM",
            "id": "165287",
            "ident": null
          },
          {
            "date": "2022-12-19T13:48:31",
            "db": "PACKETSTORM",
            "id": "170303",
            "ident": null
          },
          {
            "date": "2022-03-28T15:52:16",
            "db": "PACKETSTORM",
            "id": "166489",
            "ident": null
          },
          {
            "date": "2021-09-22T16:35:10",
            "db": "PACKETSTORM",
            "id": "164249",
            "ident": null
          },
          {
            "date": "2021-09-22T16:33:18",
            "db": "PACKETSTORM",
            "id": "164246",
            "ident": null
          },
          {
            "date": "2021-12-02T16:06:16",
            "db": "PACKETSTORM",
            "id": "165129",
            "ident": null
          },
          {
            "date": "2021-11-30T14:44:48",
            "db": "PACKETSTORM",
            "id": "165099",
            "ident": null
          },
          {
            "date": "2022-02-04T17:26:39",
            "db": "PACKETSTORM",
            "id": "165862",
            "ident": null
          },
          {
            "date": "2022-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009763",
            "ident": null
          },
          {
            "date": "2021-08-05T21:15:11.467000",
            "db": "NVD",
            "id": "CVE-2021-22925",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-01-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-381399",
            "ident": null
          },
          {
            "date": "2025-09-19T08:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009763",
            "ident": null
          },
          {
            "date": "2024-03-27T15:11:42.063000",
            "db": "NVD",
            "id": "CVE-2021-22925",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165129"
          }
        ],
        "trust": 0.1
      },
      "title": {
        "_id": null,
        "data": "cURL\u00a0 Vulnerability in using uninitialized resources in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009763"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "code execution",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "165286"
          },
          {
            "db": "PACKETSTORM",
            "id": "165287"
          },
          {
            "db": "PACKETSTORM",
            "id": "165099"
          }
        ],
        "trust": 0.3
      }
    }