ID

VAR-202010-1327

CVE

CVE-2020-3864

TITLE

WebKitGTK and WebKit Access control error vulnerability

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. WebKitGTK is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google). Security vulnerabilities exist in WebKitGTK versions prior to 2.26.4 and WPE WebKit versions prior to 2.26.4. An attacker could exploit this vulnerability to interact with objects in other domains. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version 6. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1667409 - CVE-2019-6251 webkitgtk: processing maliciously crafted web content lead to URI spoofing 1709289 - CVE-2019-11070 webkitgtk: HTTP proxy setting deanonymization information disclosure 1719199 - CVE-2019-8506 webkitgtk: malicous web content leads to arbitrary code execution 1719209 - CVE-2019-8524 webkitgtk: malicious web content leads to arbitrary code execution 1719210 - CVE-2019-8535 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719213 - CVE-2019-8536 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719224 - CVE-2019-8544 webkitgtk: malicious crafted web content leads to arbitrary we content 1719231 - CVE-2019-8558 webkitgtk: malicious crafted web content leads to arbitrary code execution 1719235 - CVE-2019-8559 webkitgtk: malicious web content leads to arbitrary code execution 1719237 - CVE-2019-8563 webkitgtk: malicious web content leads to arbitrary code execution 1719238 - CVE-2019-8551 webkitgtk: malicious web content leads to cross site scripting 1811721 - CVE-2020-10018 webkitgtk: Use-after-free issue in accessibility/AXObjectCache.cpp 1816678 - CVE-2019-8846 webkitgtk: Use after free issue may lead to remote code execution 1816684 - CVE-2019-8835 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1816686 - CVE-2019-8844 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution 1817144 - Rebase WebKitGTK to 2.28 1829369 - CVE-2020-11793 webkitgtk: use-after-free via crafted web content 1876462 - CVE-2020-3885 webkitgtk: Incorrect processing of file URLs 1876463 - CVE-2020-3894 webkitgtk: Race condition allows reading of restricted memory 1876465 - CVE-2020-3895 webkitgtk: Memory corruption triggered by a malicious web content 1876468 - CVE-2020-3897 webkitgtk: Type confusion leading to arbitrary code execution 1876470 - CVE-2020-3899 webkitgtk: Memory consumption issue leading to arbitrary code execution 1876472 - CVE-2020-3900 webkitgtk: Memory corruption triggered by a malicious web content 1876473 - CVE-2020-3901 webkitgtk: Type confusion leading to arbitrary code execution 1876476 - CVE-2020-3902 webkitgtk: Input validation issue leading to cross-site script attack 1876516 - CVE-2020-3862 webkitgtk: Denial of service via incorrect memory handling 1876518 - CVE-2020-3864 webkitgtk: Non-unique security origin for DOM object contexts 1876521 - CVE-2020-3865 webkitgtk: Incorrect security check for a top-level DOM object context 1876522 - CVE-2020-3867 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876523 - CVE-2020-3868 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876536 - CVE-2019-8710 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876537 - CVE-2019-8743 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876540 - CVE-2019-8764 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876542 - CVE-2019-8765 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876543 - CVE-2019-8766 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876545 - CVE-2019-8782 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876548 - CVE-2019-8783 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876549 - CVE-2019-8808 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876550 - CVE-2019-8811 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876552 - CVE-2019-8812 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876553 - CVE-2019-8813 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876554 - CVE-2019-8814 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876555 - CVE-2019-8815 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876556 - CVE-2019-8816 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876590 - CVE-2019-8819 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876591 - CVE-2019-8820 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876592 - CVE-2019-8821 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876593 - CVE-2019-8822 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876594 - CVE-2019-8823 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876607 - CVE-2019-8625 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876608 - CVE-2019-8674 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876609 - CVE-2019-8707 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876610 - CVE-2019-8719 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876611 - CVE-2019-8720 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876612 - CVE-2019-8726 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876613 - CVE-2019-8733 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876614 - CVE-2019-8735 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876615 - CVE-2019-8763 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876616 - CVE-2019-8768 webkitgtk: Browsing history could not be deleted 1876617 - CVE-2019-8769 webkitgtk: Websites could reveal browsing history 1876619 - CVE-2019-8771 webkitgtk: Violation of iframe sandboxing policy 1876626 - CVE-2019-8644 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876628 - CVE-2019-8649 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876629 - CVE-2019-8658 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876630 - CVE-2019-8666 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876631 - CVE-2019-8669 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876632 - CVE-2019-8671 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876634 - CVE-2019-8672 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876643 - CVE-2019-8673 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876644 - CVE-2019-8676 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876645 - CVE-2019-8677 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876646 - CVE-2019-8678 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876647 - CVE-2019-8679 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876648 - CVE-2019-8680 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876650 - CVE-2019-8681 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876651 - CVE-2019-8683 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876652 - CVE-2019-8684 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876653 - CVE-2019-8686 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876655 - CVE-2019-8687 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876656 - CVE-2019-8688 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876657 - CVE-2019-8689 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876664 - CVE-2019-8690 webkitgtk: Incorrect state management leading to universal cross-site scripting 1876880 - CVE-2019-6237 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876881 - CVE-2019-8571 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876882 - CVE-2019-8583 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876883 - CVE-2019-8584 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876884 - CVE-2019-8586 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876887 - CVE-2019-8587 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876891 - CVE-2019-8594 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876892 - CVE-2019-8595 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876893 - CVE-2019-8596 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876894 - CVE-2019-8597 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876895 - CVE-2019-8601 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876897 - CVE-2019-8607 webkitgtk: Out-of-bounds read leading to memory disclosure 1876898 - CVE-2019-8608 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876899 - CVE-2019-8609 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1876900 - CVE-2019-8610 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877045 - CVE-2019-8615 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877046 - CVE-2019-8611 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877047 - CVE-2019-8619 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877048 - CVE-2019-8622 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 1877049 - CVE-2019-8623 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4627-1 security@debian.org https://www.debian.org/security/ Alberto Garcia February 17, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-3862 Srikanth Gatta discovered that a malicious website may be able to cause a denial of service. CVE-2020-3867 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting. For the stable distribution (buster), these problems have been fixed in version 2.26.4-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WoACgkQEMKTtsN8 TjbGnQ/7BirfUXyMQ9++MbcuusVvlTEl4ka9pCSb9/+H5YYrNM73gBMdATwVR0ka jSOi2DQZwalJPSEBEy4tg8EmLHVY2qWbJ9gqYjaj6xmz3o2ZPTHlTiEMHdLf2SMp 6EbTo3E8NVHJhSSk+/wthB0ajV2/1it6yUFzPZo50PmbJb4Eh7q9iurO2Hdkd+L9 UXDOFsbYBbaCg7F+08ax1tE73Xa0B61YzJISqWFdLsn3R1a1OoasV1zeK9Gj4AYw sfl8Le5un8zYCKx0sjR6DhZPh998rebOi9RHPiwHQnvRob2gPMFBRGiKiBROGIz3 RAeZ1dMg1vKKV87TpPWpsXHRkXo9wfD+gGULHbriqwdW8YFHGGqB6uZL90IxMDIl EjB9vpVRbDyofkSLg4KOnifYTVntq7nlu62c5s5AooH44TxmLSppcty/fNsKd9Dn r1r8x72OFWRNQT/2dAbcMOYUXXvldNxOriuj4EthPHkL0UDnYbnu2P5rdPMFi4W7 mYIS7qOLPgc6DJ6hfBFIFV84x/jVVorPUdHDH+1yIhHbpGPPGXJlHtkh8eCSOmue zZDmNTRLNwroAkPiGJvPWyfR8VbeX0ok5hWVrjV1zyeIgrFyS6+gGdQt370hbK6g dV+ADko8mhB8cekjVmAW9FT2BZH4Lu/gyoB72LvKGPqC9O93R8k=nQjm -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: March 15, 2020 Bugs: #699156, #706374, #709612 ID: 202003-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.26.4 >= 2.26.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Impact ====== A remote attacker could execute arbitrary code, cause a Denial of Service condition, bypass intended memory-read restrictions, conduct a timing side-channel attack to bypass the Same Origin Policy or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.26.4" References ========== [ 1 ] CVE-2019-8625 https://nvd.nist.gov/vuln/detail/CVE-2019-8625 [ 2 ] CVE-2019-8674 https://nvd.nist.gov/vuln/detail/CVE-2019-8674 [ 3 ] CVE-2019-8707 https://nvd.nist.gov/vuln/detail/CVE-2019-8707 [ 4 ] CVE-2019-8710 https://nvd.nist.gov/vuln/detail/CVE-2019-8710 [ 5 ] CVE-2019-8719 https://nvd.nist.gov/vuln/detail/CVE-2019-8719 [ 6 ] CVE-2019-8720 https://nvd.nist.gov/vuln/detail/CVE-2019-8720 [ 7 ] CVE-2019-8726 https://nvd.nist.gov/vuln/detail/CVE-2019-8726 [ 8 ] CVE-2019-8733 https://nvd.nist.gov/vuln/detail/CVE-2019-8733 [ 9 ] CVE-2019-8735 https://nvd.nist.gov/vuln/detail/CVE-2019-8735 [ 10 ] CVE-2019-8743 https://nvd.nist.gov/vuln/detail/CVE-2019-8743 [ 11 ] CVE-2019-8763 https://nvd.nist.gov/vuln/detail/CVE-2019-8763 [ 12 ] CVE-2019-8764 https://nvd.nist.gov/vuln/detail/CVE-2019-8764 [ 13 ] CVE-2019-8765 https://nvd.nist.gov/vuln/detail/CVE-2019-8765 [ 14 ] CVE-2019-8766 https://nvd.nist.gov/vuln/detail/CVE-2019-8766 [ 15 ] CVE-2019-8768 https://nvd.nist.gov/vuln/detail/CVE-2019-8768 [ 16 ] CVE-2019-8769 https://nvd.nist.gov/vuln/detail/CVE-2019-8769 [ 17 ] CVE-2019-8771 https://nvd.nist.gov/vuln/detail/CVE-2019-8771 [ 18 ] CVE-2019-8782 https://nvd.nist.gov/vuln/detail/CVE-2019-8782 [ 19 ] CVE-2019-8783 https://nvd.nist.gov/vuln/detail/CVE-2019-8783 [ 20 ] CVE-2019-8808 https://nvd.nist.gov/vuln/detail/CVE-2019-8808 [ 21 ] CVE-2019-8811 https://nvd.nist.gov/vuln/detail/CVE-2019-8811 [ 22 ] CVE-2019-8812 https://nvd.nist.gov/vuln/detail/CVE-2019-8812 [ 23 ] CVE-2019-8813 https://nvd.nist.gov/vuln/detail/CVE-2019-8813 [ 24 ] CVE-2019-8814 https://nvd.nist.gov/vuln/detail/CVE-2019-8814 [ 25 ] CVE-2019-8815 https://nvd.nist.gov/vuln/detail/CVE-2019-8815 [ 26 ] CVE-2019-8816 https://nvd.nist.gov/vuln/detail/CVE-2019-8816 [ 27 ] CVE-2019-8819 https://nvd.nist.gov/vuln/detail/CVE-2019-8819 [ 28 ] CVE-2019-8820 https://nvd.nist.gov/vuln/detail/CVE-2019-8820 [ 29 ] CVE-2019-8821 https://nvd.nist.gov/vuln/detail/CVE-2019-8821 [ 30 ] CVE-2019-8822 https://nvd.nist.gov/vuln/detail/CVE-2019-8822 [ 31 ] CVE-2019-8823 https://nvd.nist.gov/vuln/detail/CVE-2019-8823 [ 32 ] CVE-2019-8835 https://nvd.nist.gov/vuln/detail/CVE-2019-8835 [ 33 ] CVE-2019-8844 https://nvd.nist.gov/vuln/detail/CVE-2019-8844 [ 34 ] CVE-2019-8846 https://nvd.nist.gov/vuln/detail/CVE-2019-8846 [ 35 ] CVE-2020-3862 https://nvd.nist.gov/vuln/detail/CVE-2020-3862 [ 36 ] CVE-2020-3864 https://nvd.nist.gov/vuln/detail/CVE-2020-3864 [ 37 ] CVE-2020-3865 https://nvd.nist.gov/vuln/detail/CVE-2020-3865 [ 38 ] CVE-2020-3867 https://nvd.nist.gov/vuln/detail/CVE-2020-3867 [ 39 ] CVE-2020-3868 https://nvd.nist.gov/vuln/detail/CVE-2020-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-22 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

access control error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-08-12T21:00:37.907000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE