ID

VAR-202103-0920

CVE

CVE-2021-27363

TITLE

Ubuntu Security Notice USN-4887-1

DESCRIPTION

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.3) - x86_64 3. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930933) 4. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778) 3. Bugs fixed (https://bugzilla.redhat.com/): 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1936528 - Documentation is referencing deprecated API for Service Export - Submariner 1936642 - Importing of cluster fails due to error/typo in generated command 1938215 - RHACM 2.2.2 images 1941778 - 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:1272-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1272 Issue date: 2021-04-20 CVE Names: CVE-2021-3347 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * System Crash / Core dump while deleting VMs (BZ#1897687) * various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907302) * Unable to receive the signal registered using mq_notify(). (BZ#1926111) * SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927522) * enable CONFIG_RANDOM_TRUST_CPU (BZ#1928027) * [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929739) * Configuring the system with non-RT kernel will hang the system (BZ#1930737) * fNIC driver needs a patch fix that addresses crash (BZ#1932460) * OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944670) Enhancement(s): * mlx5: Hairpin Support in Switch Mode (BZ#1924690) * Trace mode enablement in IMC to facilitate perf-kvm support (perf:) (BZ#1929696) * ice: Enable Flow Director Support (BZ#1930780) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kernel-4.18.0-193.51.1.el8_2.src.rpm aarch64: bpftool-4.18.0-193.51.1.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-core-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-devel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-headers-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-modules-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.51.1.el8_2.aarch64.rpm perf-4.18.0-193.51.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm python3-perf-4.18.0-193.51.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.51.1.el8_2.noarch.rpm kernel-doc-4.18.0-193.51.1.el8_2.noarch.rpm ppc64le: bpftool-4.18.0-193.51.1.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-core-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.51.1.el8_2.ppc64le.rpm perf-4.18.0-193.51.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm python3-perf-4.18.0-193.51.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm s390x: bpftool-4.18.0-193.51.1.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm kernel-4.18.0-193.51.1.el8_2.s390x.rpm kernel-core-4.18.0-193.51.1.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.51.1.el8_2.s390x.rpm kernel-devel-4.18.0-193.51.1.el8_2.s390x.rpm kernel-headers-4.18.0-193.51.1.el8_2.s390x.rpm kernel-modules-4.18.0-193.51.1.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.51.1.el8_2.s390x.rpm kernel-tools-4.18.0-193.51.1.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.51.1.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.51.1.el8_2.s390x.rpm perf-4.18.0-193.51.1.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm python3-perf-4.18.0-193.51.1.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.s390x.rpm x86_64: bpftool-4.18.0-193.51.1.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-core-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-devel-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-headers-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-modules-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-tools-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.51.1.el8_2.x86_64.rpm perf-4.18.0-193.51.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm python3-perf-4.18.0-193.51.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: bpftool-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.51.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.51.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.51.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.51.1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH7U19zjgjWX9erEAQg+fg/+JMZC3jCnmmsPYlffgIe96rR5+HJZ55ic dbaHM3i1X1kGIYxjWgX8L3b+cMYRpfxZpasXMmgvEn93ml7BiD2Bx7VpQ05Wdo2D zLlfh7G/P9IBe4Fk97sz0lYkp1rgdU8TxpCqO84X9mrBTKU3TU27bLWNJ8/DDPwW F6gkwiGIsNmiEpbRE2Y8uvULpH+7anKfWrSdw4rtDKJ2jQcI1PguEaCL/VrxtpGW UZ1Tlv3AemqKz9gsChPQFnDPW+cgPW2j9Nh42oJFxbmfzXRvEQ/7tupVmjlrAh+9 M5sL4P4OFnE6yV76R5i0ZJ2Tfw6SoOu1HUot2p8y1O+POoiX5H5lNTDejl6H82Gy O9ZQ58y3ZLniTtOPt7xdI36KZQm/Lr0tGLsEw7DDprRxYekPQ7cVpbgN6D5PvNOb EAuA4pF0JLObF4MwhY33UIQvfNH6WV2Wbq87LnypzDwmRUeYLWhg5orlF33kz8pR PBF/E/Z/vOJF7yuxROvFHDnNEPmps2wcJqdf1UdE0QD29F2biQ4MhCicCwiFwFGH wxFHdykdoZY9URt7TjvgOaaHuZKoyrzcJTpzqxijxJFVNEhqQEnHMyIEQSKTesz6 NsyeTS1R8S0sig608M/GoKj4ODenJAIo14ZLGa+sYsadBXlf+gyiCqM38eMMMsJe V5/znOSDjsI= =sqZK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1427 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1941768 - Reports that has specified a retention should not be requeued in the sync handler 1954163 - Placeholder bug for OCP 4.6.0 extras release 5. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 20.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170) Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash). (CVE-2020-29372) It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. (CVE-2020-29374) De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444) Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 18.04 LTS aws - 75.2 generic - 75.2 gke - 75.2 gkeop - 75.2 lowlatency - 75.2 oem - 75.2 Ubuntu 20.04 LTS aws - 75.2 azure - 75.2 gcp - 75.2 generic - 75.2 gke - 75.2 gkeop - 75.2 lowlatency - 75.2 Ubuntu 16.04 LTS aws - 75.3 azure - 75.2 generic - 75.3 lowlatency - 75.3 Ubuntu 14.04 ESM generic - 75.3 lowlatency - 75.3 Support Information Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible. Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69 Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26 Ubuntu 16.04 LTS linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-hwe - 4.15.0-69 linux - 4.4.0-168 Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168 References - CVE-2020-27170 - CVE-2020-27171 - CVE-2020-29372 - CVE-2020-29374 - CVE-2021-3444 - CVE-2021-27363 - CVE-2021-27364 - CVE-2021-27365 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fixes: * RHACM 2.1.6 images (BZ#1940581) * When generating the import cluster string, it can include unescaped characters (BZ#1934184) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-11-23T23:16:21.553000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE