VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202001-1965 No CVE ZTE ZXR10 1800-2S router has arbitrary file reading vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZTE ZXR10 1800-2S router is a multi-service intelligent router produced by ZTE Corporation. The ZTE ZXR10 1800-2S router has an arbitrary file reading vulnerability. An attacker can use this vulnerability to access arbitrary files by sending a malicious request.
VAR-202002-0572 CVE-2020-1789 plural Huawei Product authentication vulnerabilities CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. OSCA-550AX is a 55-inch smart screen launched by Huawei's glory brand. OSCA-550A is the first 55-inch terminal smart screen using Huawei Hongmeng operating system launched by Honor. The vulnerability stems from the system's failure to require users to provide authentication credentials that meet complexity requirements
VAR-202001-1742 CVE-2020-6960 plural MAXPRO VMS and NVR In SQL Injection vulnerabilities CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges. plural MAXPRO VMS and NVR To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS & NVR is a Honeywell security solution. Multiple Honeywell products have SQL injection vulnerabilities that could be exploited by an attacker to gain unauthorized access to the Web user interface
VAR-202001-1741 CVE-2020-6959 MAXPRO VMS and NVR Product Unreliable Data Deserialization Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution. MAXPRO VMS and NVR The product contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Honeywell Maxpro VMS & NVR is a Honeywell security solution. Multiple Honeywell products have code problem vulnerabilities
VAR-202001-0554 CVE-2019-14907 samba  Vulnerable to out-of-bounds reading CVSS V2: 2.6
CVSS V3: 6.5
Severity: MEDIUM
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). samba Contains an out-of-bounds read vulnerability.Denial of service operation (DoS) May be in a state. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. A buffer error vulnerability exists in Samba versions 4.9.x prior to 4.9.18, 4.10.x prior to 4.10.12, and 4.11.x prior to 4.11.5. An attacker could exploit this vulnerability by sending a specially crafted string to cause a long-lived process to terminate. ========================================================================== Ubuntu Security Notice USN-4244-1 January 21, 2020 samba vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Samba. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: It was discovered that Samba did not automatically replicate ACLs set to inherit down a subtree on AD Directory, contrary to expectations. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-14907) Christian Naumer discovered that Samba incorrectly handled DNS zone scavenging. This issue could possibly result in some incorrect data being written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu 19.10. (CVE-2019-19344) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: samba 2:4.10.7+dfsg-0ubuntu2.4 Ubuntu 19.04: samba 2:4.10.0+dfsg-0ubuntu2.8 Ubuntu 18.04 LTS: samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.15 Ubuntu 16.04 LTS: samba 2:4.3.11+dfsg-0ubuntu0.16.04.25 In general, a standard system update will make all the necessary changes. The Windows Explorer did not display the DFS redirects properly and instead of showing the redirects as directories, Samba displayed the redirects as files. With this fix, the Samba's vfs_glusterfs module has been fixed so that DFS redirects now work as expected. For details on migrating Samba/CTDB configuration files, refer to: https://access.redhat.com/solutions/4311261 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-52 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Samba: Multiple vulnerabilities Date: March 25, 2020 Bugs: #664316, #672140, #686036, #693558, #702928, #706144 ID: 202003-52 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Samba, the worst of which could lead to remote code execution. Background ========== Samba is a suite of SMB and CIFS client/server programs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/samba < 4.11.6 *>= 4.9.18 *>= 4.10.13 *>= 4.11.6 Description =========== Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Samba 4.9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.9.18" All Samba 4.10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.10.13" All Samba 4.11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-4.11.6" References ========== [ 1 ] CVE-2018-10858 https://nvd.nist.gov/vuln/detail/CVE-2018-10858 [ 2 ] CVE-2018-10918 https://nvd.nist.gov/vuln/detail/CVE-2018-10918 [ 3 ] CVE-2018-10919 https://nvd.nist.gov/vuln/detail/CVE-2018-10919 [ 4 ] CVE-2018-1139 https://nvd.nist.gov/vuln/detail/CVE-2018-1139 [ 5 ] CVE-2018-1140 https://nvd.nist.gov/vuln/detail/CVE-2018-1140 [ 6 ] CVE-2018-14629 https://nvd.nist.gov/vuln/detail/CVE-2018-14629 [ 7 ] CVE-2018-16841 https://nvd.nist.gov/vuln/detail/CVE-2018-16841 [ 8 ] CVE-2018-16851 https://nvd.nist.gov/vuln/detail/CVE-2018-16851 [ 9 ] CVE-2018-16852 https://nvd.nist.gov/vuln/detail/CVE-2018-16852 [ 10 ] CVE-2018-16853 https://nvd.nist.gov/vuln/detail/CVE-2018-16853 [ 11 ] CVE-2018-16857 https://nvd.nist.gov/vuln/detail/CVE-2018-16857 [ 12 ] CVE-2018-16860 https://nvd.nist.gov/vuln/detail/CVE-2018-16860 [ 13 ] CVE-2019-10197 https://nvd.nist.gov/vuln/detail/CVE-2019-10197 [ 14 ] CVE-2019-14861 https://nvd.nist.gov/vuln/detail/CVE-2019-14861 [ 15 ] CVE-2019-14870 https://nvd.nist.gov/vuln/detail/CVE-2019-14870 [ 16 ] CVE-2019-14902 https://nvd.nist.gov/vuln/detail/CVE-2019-14902 [ 17 ] CVE-2019-14907 https://nvd.nist.gov/vuln/detail/CVE-2019-14907 [ 18 ] CVE-2019-19344 https://nvd.nist.gov/vuln/detail/CVE-2019-19344 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-52 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: samba security, bug fix, and enhancement update Advisory ID: RHSA-2020:3981-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3981 Issue date: 2020-09-29 CVE Names: CVE-2019-14907 ==================================================================== 1. Summary: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.10.16). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the smb service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1737888 - Libwbclient alternatives manual setting lost 1776333 - CLI tools printing "Unable to initialize messaging context" running as non root 1785121 - Rebase Samba to the the latest 4.10.x maintenance release 1791207 - CVE-2019-14907 samba: Crash after failed character conversion at log level 3 or above 1791823 - wbinfo -K doesn't work for users of trusted domains/forests 1801496 - Missing directories in ctdb package 1813017 - Can't get 'log events generated from smbclient' 1828354 - After adding "additional dns hostname" to smb.conf it does not generate /etc/krb5.keytab with the proper SPN. 1828924 - Fix 'require_membership_of' documentation in pam_winbind manpages 1831986 - unprivileged user should be able to read-only to gencache.tdb instead of permission denied 1836427 - net ads join use of netbios+realm breaks GSSAPI authentication 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm ppc64: libsmbclient-4.10.16-5.el7.ppc.rpm libsmbclient-4.10.16-5.el7.ppc64.rpm libwbclient-4.10.16-5.el7.ppc.rpm libwbclient-4.10.16-5.el7.ppc64.rpm samba-4.10.16-5.el7.ppc64.rpm samba-client-4.10.16-5.el7.ppc64.rpm samba-client-libs-4.10.16-5.el7.ppc.rpm samba-client-libs-4.10.16-5.el7.ppc64.rpm samba-common-libs-4.10.16-5.el7.ppc.rpm samba-common-libs-4.10.16-5.el7.ppc64.rpm samba-common-tools-4.10.16-5.el7.ppc64.rpm samba-debuginfo-4.10.16-5.el7.ppc.rpm samba-debuginfo-4.10.16-5.el7.ppc64.rpm samba-krb5-printing-4.10.16-5.el7.ppc64.rpm samba-libs-4.10.16-5.el7.ppc.rpm samba-libs-4.10.16-5.el7.ppc64.rpm samba-winbind-4.10.16-5.el7.ppc64.rpm samba-winbind-clients-4.10.16-5.el7.ppc64.rpm samba-winbind-modules-4.10.16-5.el7.ppc.rpm samba-winbind-modules-4.10.16-5.el7.ppc64.rpm ppc64le: libsmbclient-4.10.16-5.el7.ppc64le.rpm libwbclient-4.10.16-5.el7.ppc64le.rpm samba-4.10.16-5.el7.ppc64le.rpm samba-client-4.10.16-5.el7.ppc64le.rpm samba-client-libs-4.10.16-5.el7.ppc64le.rpm samba-common-libs-4.10.16-5.el7.ppc64le.rpm samba-common-tools-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm samba-krb5-printing-4.10.16-5.el7.ppc64le.rpm samba-libs-4.10.16-5.el7.ppc64le.rpm samba-winbind-4.10.16-5.el7.ppc64le.rpm samba-winbind-clients-4.10.16-5.el7.ppc64le.rpm samba-winbind-modules-4.10.16-5.el7.ppc64le.rpm s390x: libsmbclient-4.10.16-5.el7.s390.rpm libsmbclient-4.10.16-5.el7.s390x.rpm libwbclient-4.10.16-5.el7.s390.rpm libwbclient-4.10.16-5.el7.s390x.rpm samba-4.10.16-5.el7.s390x.rpm samba-client-4.10.16-5.el7.s390x.rpm samba-client-libs-4.10.16-5.el7.s390.rpm samba-client-libs-4.10.16-5.el7.s390x.rpm samba-common-libs-4.10.16-5.el7.s390.rpm samba-common-libs-4.10.16-5.el7.s390x.rpm samba-common-tools-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm samba-krb5-printing-4.10.16-5.el7.s390x.rpm samba-libs-4.10.16-5.el7.s390.rpm samba-libs-4.10.16-5.el7.s390x.rpm samba-winbind-4.10.16-5.el7.s390x.rpm samba-winbind-clients-4.10.16-5.el7.s390x.rpm samba-winbind-modules-4.10.16-5.el7.s390.rpm samba-winbind-modules-4.10.16-5.el7.s390x.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server Resilient Storage (v. 7): ppc64le: ctdb-4.10.16-5.el7.ppc64le.rpm ctdb-tests-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm s390x: ctdb-4.10.16-5.el7.s390x.rpm ctdb-tests-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm x86_64: ctdb-4.10.16-5.el7.x86_64.rpm ctdb-tests-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm ppc64: libsmbclient-devel-4.10.16-5.el7.ppc.rpm libsmbclient-devel-4.10.16-5.el7.ppc64.rpm libwbclient-devel-4.10.16-5.el7.ppc.rpm libwbclient-devel-4.10.16-5.el7.ppc64.rpm samba-dc-4.10.16-5.el7.ppc64.rpm samba-dc-libs-4.10.16-5.el7.ppc64.rpm samba-debuginfo-4.10.16-5.el7.ppc.rpm samba-debuginfo-4.10.16-5.el7.ppc64.rpm samba-devel-4.10.16-5.el7.ppc.rpm samba-devel-4.10.16-5.el7.ppc64.rpm samba-python-4.10.16-5.el7.ppc.rpm samba-python-4.10.16-5.el7.ppc64.rpm samba-python-test-4.10.16-5.el7.ppc64.rpm samba-test-4.10.16-5.el7.ppc64.rpm samba-test-libs-4.10.16-5.el7.ppc.rpm samba-test-libs-4.10.16-5.el7.ppc64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.ppc64.rpm ppc64le: libsmbclient-devel-4.10.16-5.el7.ppc64le.rpm libwbclient-devel-4.10.16-5.el7.ppc64le.rpm samba-dc-4.10.16-5.el7.ppc64le.rpm samba-dc-libs-4.10.16-5.el7.ppc64le.rpm samba-debuginfo-4.10.16-5.el7.ppc64le.rpm samba-devel-4.10.16-5.el7.ppc64le.rpm samba-python-4.10.16-5.el7.ppc64le.rpm samba-python-test-4.10.16-5.el7.ppc64le.rpm samba-test-4.10.16-5.el7.ppc64le.rpm samba-test-libs-4.10.16-5.el7.ppc64le.rpm samba-winbind-krb5-locator-4.10.16-5.el7.ppc64le.rpm s390x: libsmbclient-devel-4.10.16-5.el7.s390.rpm libsmbclient-devel-4.10.16-5.el7.s390x.rpm libwbclient-devel-4.10.16-5.el7.s390.rpm libwbclient-devel-4.10.16-5.el7.s390x.rpm samba-dc-4.10.16-5.el7.s390x.rpm samba-dc-libs-4.10.16-5.el7.s390x.rpm samba-debuginfo-4.10.16-5.el7.s390.rpm samba-debuginfo-4.10.16-5.el7.s390x.rpm samba-devel-4.10.16-5.el7.s390.rpm samba-devel-4.10.16-5.el7.s390x.rpm samba-python-4.10.16-5.el7.s390.rpm samba-python-4.10.16-5.el7.s390x.rpm samba-python-test-4.10.16-5.el7.s390x.rpm samba-test-4.10.16-5.el7.s390x.rpm samba-test-libs-4.10.16-5.el7.s390.rpm samba-test-libs-4.10.16-5.el7.s390x.rpm samba-winbind-krb5-locator-4.10.16-5.el7.s390x.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: samba-4.10.16-5.el7.src.rpm noarch: samba-common-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-4.10.16-5.el7.i686.rpm libsmbclient-4.10.16-5.el7.x86_64.rpm libwbclient-4.10.16-5.el7.i686.rpm libwbclient-4.10.16-5.el7.x86_64.rpm samba-4.10.16-5.el7.x86_64.rpm samba-client-4.10.16-5.el7.x86_64.rpm samba-client-libs-4.10.16-5.el7.i686.rpm samba-client-libs-4.10.16-5.el7.x86_64.rpm samba-common-libs-4.10.16-5.el7.i686.rpm samba-common-libs-4.10.16-5.el7.x86_64.rpm samba-common-tools-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-krb5-printing-4.10.16-5.el7.x86_64.rpm samba-libs-4.10.16-5.el7.i686.rpm samba-libs-4.10.16-5.el7.x86_64.rpm samba-python-4.10.16-5.el7.i686.rpm samba-python-4.10.16-5.el7.x86_64.rpm samba-winbind-4.10.16-5.el7.x86_64.rpm samba-winbind-clients-4.10.16-5.el7.x86_64.rpm samba-winbind-modules-4.10.16-5.el7.i686.rpm samba-winbind-modules-4.10.16-5.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: samba-pidl-4.10.16-5.el7.noarch.rpm x86_64: libsmbclient-devel-4.10.16-5.el7.i686.rpm libsmbclient-devel-4.10.16-5.el7.x86_64.rpm libwbclient-devel-4.10.16-5.el7.i686.rpm libwbclient-devel-4.10.16-5.el7.x86_64.rpm samba-dc-4.10.16-5.el7.x86_64.rpm samba-dc-libs-4.10.16-5.el7.x86_64.rpm samba-debuginfo-4.10.16-5.el7.i686.rpm samba-debuginfo-4.10.16-5.el7.x86_64.rpm samba-devel-4.10.16-5.el7.i686.rpm samba-devel-4.10.16-5.el7.x86_64.rpm samba-python-test-4.10.16-5.el7.x86_64.rpm samba-test-4.10.16-5.el7.x86_64.rpm samba-test-libs-4.10.16-5.el7.i686.rpm samba-test-libs-4.10.16-5.el7.x86_64.rpm samba-vfs-glusterfs-4.10.16-5.el7.x86_64.rpm samba-winbind-krb5-locator-4.10.16-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14907 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OhAdzjgjWX9erEAQiKmg//Zm9RRxpptm9hbO8JP2LaIP6kkQrv18HL a/jBhSlHnueskPF4aiJ5vlncq4rZ702MwyFeudzYX7qTuDQY5XvzxiA6Q9E8r/J0 eQicSIc/rexQUBiKmnDg6qdK24eW81BYl6ieIqdqw8W5hnXGTChamgOpvhPIyRx+ ZuLep8AH0v1Ond7o4Vxxs2B8tpKh/bQ+jcMF3wZg8DhsqbWeOQAqkCz/glfD1Am2 gUdfwSVmPyPoCP9flNiULVWnAwTb9JqSIiaPCdqLwusm/BcA1Lpl1D829L0kmpTi cnlKi18hjgFLjij/6dobEfjpUq7b+2HWBuAu8ng2R1hU/v9fxxlnp9vZT6EWns2E +1v6HSdnQrCA31s7SX4LvXHyNte1NIaht+uNfptl0J2PSowRCzBD516fQGoglJIH 4gI5Lb5/w2zEgP09bLP8blP0CztyeKA+T5RGXU/U3zHrCbJx3MK5fgeHeAHhB0EC YKRuNpXXKynv+DSM+OysZOe+X53/oBG8c4qgKT9O+ifgcB+tiLzcOJXq3odGCnv6 yPfkDhF2hBtOPdvOvig7T8MsFVyEO0Cpm963iagz7P1yiR9C/ZW0lJ2unHse6J3k sNCwGHNwTCMwF5cO74vFO9ro/Jys4Vb8+81mVnm9aHSG3/BiLqLRHMxcpAVc6eXG NXdH6tbOksI=Mk7x -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1710980 - [RFE] Add support for Kerberos KCM credential cache in pam_winbind/winbindd 1746225 - CVE-2019-10197 samba: Combination of parameters and permissions can allow user to escape from the share path definition 1754409 - Rebase Samba to 4.11.x 1754575 - samba: Remove NSS wins and winbind dependency on librt/libpthread as workaround for glibc defect
VAR-202001-1866 CVE-2020-7595 libxml2  Infinite loop vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. libxml2 is a function library written in C language for parsing XML documents. There is a security vulnerability in the xmlStringLenDecodeEntities of the parser.c file in libxml2 version 2.9.10. It exists that libxml2 incorrectly handled certain XML files. (CVE-2019-19956, CVE-2020-7595). Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s torage/4.6/html/4.6_release_notes/index All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. Bug Fix(es): * NVD feed fixed in Clair-v2 (clair-jwt image) 3. Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update Advisory ID: RHSA-2020:2646-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2020:2646 Issue date: 2020-06-22 CVE Names: CVE-2018-20843 CVE-2019-0196 CVE-2019-0197 CVE-2019-15903 CVE-2019-19956 CVE-2019-20388 CVE-2020-1934 CVE-2020-7595 CVE-2020-11080 ==================================================================== 1. Summary: Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security fix(es): * httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196) * httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197) * httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934) * nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080) * libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956) * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388) * libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595) * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843) * expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1723723 - CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS 1752592 - CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input 1788856 - CVE-2019-19956 libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash 1799734 - CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c 1799786 - CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations 1820772 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value 1844929 - CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS 5. JIRA issues fixed (https://issues.jboss.org/): JBCS-941 - Upgrade mod_cluster native to 1.3.13 6. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-0196 https://access.redhat.com/security/cve/CVE-2019-0197 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-1934 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-11080 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXvCtftzjgjWX9erEAQi0RQ//elNlWif7YvdgM7i5dah3UaSbzJORlXa3 kEQHQBggfPGyf0VqHJNE6abbkj35lZub5q/WDXzfexJ32yHxuCKWK2iTE0tXelbM sQi3rAC5/d8sEfXzP6qte/0ebnjje3V+/gWjJbsV+gRXOWhEZ2t7UJ6BGgUiR8RD Xbs98D5fizDpjqKiZhZqhYLU4f7LTqW40LRCgida3gS6Gynk6wWJTd5n0IxaCJxM x5t4pj082/741gaKGgSmDpLz5j4rav048KoXBB7ptcAxiyk28igmlnbu9zpEQWHe rrpKfzCqV7FVOgUAp8zerYQYQ5svnQvWIS07CoW11TNQGP3SORTq3e4Ijw9OMc1W JQKeWo8HdO+sebeZ/Xo8R50tAKQA+vz9WCsCF6kjq/UdJOSQzIj4ZvEq3gXZa3fu +9pGatG5KhNeGNODQLE1K9mGMvh3oipgN654/zf/Hunr70oKGdOhVcx1l6+XgH97 pCUL0STv0GnSYPS7Vk9+wWnKlp3kUOfdXpiG2bfVfyqABRJGp252CTSjZMUyBnKu 4+tUrDvIBin6qyG5YI9koznx9wxZ8bi89ELEciTyp6Ts/aggpmKoOHsRZIwFtZzl L+MpTZAmGMIRRZyy5I7S8oZ5Mkp++frVRwW3NGDZVecT+ROADZR/0RZDKqFJHoi7 CpnvOIE/NGQ\x9eNt -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5
VAR-202001-1810 CVE-2020-7249 SMC Networks SMC D3G0804W cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account). SMC D3G0804W The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. SMC Networks SMC D3G0804W is a wireless router made by SMC Networks in the United States. SMC Networks SMC D3G0804W 3.5.2.5-LAT_GA version has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
VAR-202001-1785 CVE-2020-7240 Meinberg Lantime M300 and M1000 In the device OS Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements. ** Unsettled ** This issue has not been confirmed as a vulnerability. Meinberg Lantime M300 and M1000 Devices include: OS A command injection vulnerability exists. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2020-7240Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Meinberg Funkuhren Lantime M300 and Meinberg Funkuhren Lantime M1000 are both rack-mounted time servers of the German company Meinberg Funkuhren. There are security holes in Meinberg Funkuhren Lantime M300 and Meinberg Funkuhren Lantime M1000
VAR-202002-0578 CVE-2020-1812 HUAWEI P30 Authentication vulnerabilities in smartphones CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. HUAWEI P30 Smartphones contain authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The Huawei P30 is a smartphone from China's Huawei
VAR-202002-0613 CVE-2020-1853 GaussDB 200 Past Traversal Vulnerability in CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. GaussDB 200 Exists in a past traversal vulnerability.Information may be obtained. Huawei GaussDB 200 is a distributed parallel relational database system developed by China Huawei (Huawei) based on the open source database Postgres-XC
VAR-202002-0577 CVE-2020-1811 GaussDB 200 Injection vulnerabilities in CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. GaussDB 200 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei GaussDB 200 is a distributed parallel relational database system developed by China Huawei (Huawei) based on the open source database Postgres-XC
VAR-202001-1986 No CVE Eastland Technology KGW3101 Serial Port Server Denial of Service Vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Beijing Dongtu Technology Co., Ltd. is a company focusing on industrial Internet technology and industry. There is a denial of service vulnerability in the Dongtu Technology KGW3101 serial server. An attacker can use this vulnerability to cause the device's web process to restart.
VAR-202001-1979 No CVE Seagate Central Storage Remote Code Execution Vulnerability CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
Seagate Central Storage is a home network hard drive made by Seagate, suitable for home and small office use. Seagate Central Storage has a remote code execution vulnerability that could be exploited by an attacker to execute code.
VAR-202001-1780 CVE-2020-7235 UHP UHP-100 Cross-site scripting vulnerability in devices CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). UHP UHP-100 The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. UHP-100 is a high-performance router designed for large-scale deployment in broadband VSAT networks. UHP-100 3.4.1.15, 3.4.2.4, 3.4.3 have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-202001-1776 CVE-2020-7231 Evoko Home  Vulnerabilities in information disclosure through error messages CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. Evoko Home Contains an information disclosure vulnerability through error messages.Information may be obtained
VAR-202001-1781 CVE-2020-7236 UHP UHP-100 Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). UHP UHP-100 The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. UHP-100 is a high-performance router designed for large-scale deployment in broadband VSAT networks. UHP UHP-100 Cross-site scripting vulnerabilities exist in versions 3.4.1.15, 3.4.2.4, and 3.4.3. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code
VAR-202001-1779 CVE-2020-7234 Ruckus ZoneFlex R310 Cross-Site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). Ruckus ZoneFlex The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Ruckus ZoneFlex R310 is an indoor 802.11ac Wi-Fi access point. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code
VAR-202001-1777 CVE-2020-7232 Evoko Home Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL. Evoko Home The device contains an information disclosure vulnerability.Information may be obtained. Evoko Home is a smart home device. There are security vulnerabilities in Evoko Home version 1.31
VAR-202001-1958 No CVE DIGI PortServer TS 1 TCP Protocol Denial of Service Vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
PortServer TS series terminal server can provide simple, reliable and cost-effective serial network connection. A denial of service vulnerability exists in the DIGI PortServer TS 1 TCP protocol. An attacker could use the vulnerability to launch a denial of service attack.
VAR-202001-1773 CVE-2020-7227 Westermo MRD-315 Information Disclosure Vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp. Westermo MRD-315 The device contains an information disclosure vulnerability.Information may be obtained. Westermo MRD-315 is a 3G wireless router from Westermo, Sweden. The vulnerability stems from configuration errors in the network system or product during operation. An attacker could use the vulnerability to obtain sensitive information about the affected components