VARIoT IoT vulnerabilities database

NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure. NVIDIA SHIELD TV is a game console device from NVIDIA. NVIDIA Shield TV has a security hole

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability. Dell G3 3579 and other products are Dell products of the United States. The Dell G3 3579 is a laptop. ChengMing 3977 is a desktop computer. Embedded Box PC 5000 is an embedded box computer

PHPOK is a set of enterprise station CMS system developed using PHP + MYSQL language. There is a SQL injection vulnerability in the or *** _ co ***. Php file in the PHPOK enterprise website building system background. A remote attacker could use this vulnerability to obtain sensitive database information.

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use). D-Link DVA-5592 Contains an information disclosure vulnerability.Information may be obtained. D-Link DVA-5592 is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from the lack of correct validation of client data in WEB applications. TCL Communication Alcatel LINKZONE is a portable 4G wireless router from China TCL Communication (TCL Communication)

The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected. D-Link DVA-5592 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-Link DVA-5592 is a wireless router from D-Link Corporation of Taiwan, China. A cross-site scripting vulnerability exists in the web interface in D-Link DVA-5592 20180823, which could allow an attacker to execute client-side code. The vulnerability stems from the lack of correct validation of client data in WEB applications

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIPROTEC 5 The device contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SiemensSIPROTEC5 is a multi-function relay. There is a security hole in SiemensSIPROTEC5

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. Alcatel LINKZONE The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TCL Communication Alcatel LINKZONE is a portable 4G wireless router of China TCL Communication (TCL Communication) company

A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). LAquis SCADA Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) version 16.00.00 and earlier

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions. The vulnerability stems from network system or product configuration errors during operation

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. Advantech WebAccess HMI Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. The product has functions such as data transmission, menu editing and text editing. There is a buffer error vulnerability in Advantech WebAccess HMI Designer 2.1.9.23 and earlier versions, the vulnerability is due to the fact that the program does not correctly verify the data submitted by the user

Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. Fuji Electric FRENIC Loader Contains an out-of-bounds vulnerability.Information may be obtained. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of FN1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process

Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. A security vulnerability exists in several 3S-Smart Software Solutions products. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement

An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a denial-of-service condition. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. plural 3S-Smart CODESYS The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. 3S-Smart Software Solutions CODESYS Control for BeagleBone and CODESYS Control are a set of industrial control program programming software from Germany 3S-Smart Software Solutions. There are security holes in several 3S-Smart Software Solutions products

On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. ALE 8008 Cloud Edition Deskphone VoIP is a cloud-based desktop IP phone from ALE, France. This vulnerability originates from the network system or The product did not properly filter the special elements, and an attacker could use this vulnerability to execute illegal commands

On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field for the "Time Service Settings web" interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request. Polycom Obihai Obi1022 VoIP phone Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Polycom Obihai Obi1022 VoIP phone is an IP phone of American Polycom (Polycom) company. A command injection vulnerability exists in the Polycom Obihai Obi1022 VoIP phone with firmware version 5.1.11. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure these fields thereby reducing the likelihood of exploit. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017. HP2910al-48G Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. HP 2910al-48G is an Ethernet switch from Hewlett Packard Enterprise (HPE). An arbitrary command execution vulnerability exists in the HP 2910al-48G W.15.14.0016 version. Attackers can use this vulnerability to execute arbitrary commands

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. PHP EXIF Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in PHP 7.1.x prior to 7.1.31, 7.2.x prior to 7.2.21, and 7.3.x prior to 7.3.8. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. PHP is prone to a heap-based buffer-overflow vulnerability. Failed exploits will result in denial-of-service conditions. PHP versions before 7.3.8 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15 macOS Catalina 10.15 addresses the following: AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042 Audio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019 Books Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019 CFNetwork Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019 CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative CoreCrypto Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019 CoreMedia Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019 Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019 CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg Entry added October 29, 2019 CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019 File Quarantine Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs Entry added October 29, 2019 Foundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019 Graphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Entry added October 29, 2019 Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team Entry added October 29, 2019 Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019 Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) CVE-2019-8781: Linus Henze (pinauten.de) Entry added October 29, 2019 Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019 libxml2 Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019 libxslt Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019 mDNSResponder Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019 Menus Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8826: Found by GWP-ASan in Google Chrome Entry added October 29, 2019 Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019 PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019 SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360 UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Entry added October 29, 2019 UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue) WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz) Additional recognition AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance. Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance. boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance. Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance. python We would like to acknowledge an anonymous researcher for their assistance. Safari Data Importing We would like to acknowledge Kent Zoya for their assistance. Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance. Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance. VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance. Installation note: macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y 0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki 48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/ SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc 9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM= =bhin -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4097-2 August 13, 2019 php5 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: PHP could be made to crash or execute arbitrary code if it received specially crafted image. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm5 php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm5 php5-cli 5.5.9+dfsg-1ubuntu4.29+esm5 php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm5 php5-xmlrpc 5.5.9+dfsg-1ubuntu4.29+esm5 Ubuntu 12.04 ESM: libapache2-mod-php5 5.3.10-1ubuntu3.39 php5-cgi 5.3.10-1ubuntu3.39 php5-cli 5.3.10-1ubuntu3.39 php5-fpm 5.3.10-1ubuntu3.39 php5-xmlrpc 5.3.10-1ubuntu3.39 In general, a standard system update will make all the necessary changes. For the stable distribution (buster), these problems have been fixed in version 7.3.9-1~deb10u1. We recommend that you upgrade your php7.3 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: php:7.2 security, bug fix, and enhancement update Advisory ID: RHSA-2020:1624-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1624 Issue date: 2020-04-28 CVE Names: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 ==================================================================== 1. Summary: An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981) Security Fix(es): * php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020) * php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638) * php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639) * php: Invalid read in exif_process_SOFn() (CVE-2019-9640) * php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039) * php: Buffer over-read in exif_read_data() (CVE-2019-11040) * php: Buffer over-read in PHAR reading functions (CVE-2018-20783) * php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021) * php: memcpy with negative length via crafted DNS response (CVE-2019-9022) * php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023) * php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024) * php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034) * php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035) * php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036) * php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041) * php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1680545 - CVE-2018-20783 php: Buffer over-read in PHAR reading functions 1685123 - CVE-2019-9020 php: Invalid memory access in function xmlrpc_decode() 1685132 - CVE-2019-9021 php: Heap-based buffer over-read in PHAR reading functions 1685398 - CVE-2019-9023 php: Heap-based buffer over-read in mbstring regular expression functions 1685404 - CVE-2019-9024 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c 1685412 - CVE-2019-9022 php: memcpy with negative length via crafted DNS response 1688897 - CVE-2019-9637 php: File rename across filesystems may allow unwanted access during processing 1688922 - CVE-2019-9638 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688934 - CVE-2019-9639 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE 1688939 - CVE-2019-9640 php: Invalid read in exif_process_SOFn() 1702246 - CVE-2019-11035 php: Heap buffer overflow in function exif_iif_add_value() 1702256 - CVE-2019-11034 php: Heap buffer overflow in function exif_process_IFD_TAG() 1707299 - CVE-2019-11036 php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure 1724152 - CVE-2019-11039 php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() 1724154 - CVE-2019-11040 php: Buffer over-read in exif_read_data() 1739459 - CVE-2019-11041 php: Heap buffer over-read in exif_scan_thumbnail() 1739465 - CVE-2019-11042 php: Heap buffer over-read in exif_process_user_comment() 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.src.rpm php-7.2.24-1.module+el8.2.0+4601+7c76a223.src.rpm php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9.src.rpm php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.src.rpm php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.src.rpm aarch64: libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.aarch64.rpm php-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.aarch64.rpm php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.aarch64.rpm php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.aarch64.rpm php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.aarch64.rpm php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.aarch64.rpm php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.aarch64.rpm php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.aarch64.rpm php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.aarch64.rpm noarch: apcu-panel-5.1.12-2.module+el8.1.0+3202+af5476b9.noarch.rpm php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9.noarch.rpm ppc64le: libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm php-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.ppc64le.rpm php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.ppc64le.rpm php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.ppc64le.rpm php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.ppc64le.rpm php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.ppc64le.rpm s390x: libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.s390x.rpm php-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.s390x.rpm php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.s390x.rpm php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.s390x.rpm php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.s390x.rpm php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.s390x.rpm php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.s390x.rpm php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.s390x.rpm php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.s390x.rpm x86_64: libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm php-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-20783 https://access.redhat.com/security/cve/CVE-2019-9020 https://access.redhat.com/security/cve/CVE-2019-9021 https://access.redhat.com/security/cve/CVE-2019-9022 https://access.redhat.com/security/cve/CVE-2019-9023 https://access.redhat.com/security/cve/CVE-2019-9024 https://access.redhat.com/security/cve/CVE-2019-9637 https://access.redhat.com/security/cve/CVE-2019-9638 https://access.redhat.com/security/cve/CVE-2019-9639 https://access.redhat.com/security/cve/CVE-2019-9640 https://access.redhat.com/security/cve/CVE-2019-11034 https://access.redhat.com/security/cve/CVE-2019-11035 https://access.redhat.com/security/cve/CVE-2019-11036 https://access.redhat.com/security/cve/CVE-2019-11039 https://access.redhat.com/security/cve/CVE-2019-11040 https://access.redhat.com/security/cve/CVE-2019-11041 https://access.redhat.com/security/cve/CVE-2019-11042 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqhV2NzjgjWX9erEAQhuFQ//Xr5xXBn2sMittp/bPkcHf3GY4d+S6WjT RepuFpyZusC+t8yFAfRjOQz4yN2LJMrN9c4rZC3KYevXddfnFCjT7Gatdo1WGMOX uvpBzstgWjfLRdiO9LcS/+4dQlVLcByvfN0ywL+xkJjfWrBSIwdFrmK0p1VMs3Yf O+m1Bc6tOCHGn2wzUWZKNcQWflzWpKR1uAMjjYeF8whX8S9oj0pcHchyMQMLNr/P PkJz11Hi+iQJjPSrfanc2hSo4RY90uuvpgXtRNBly4Gt5L9OeLka+kDI4tDVsdUC k67RG8QInsRJRprrNhNGwL+KW77ei+9SHBXwyrJyJPVS36ZY8Sngk4NnqXE+VEC2 AFAciI3q6wkBy3owrniwoFA5/jdzpGZZaFMMLNJIg4A9Pz/opf4lVmaRaoDPEbG1 3hv/eMaW+by8l1FsYF/Mg8YFBJKLupS052TnZYN81c7j4b5dVhsLwkj9wKvWp8HP gEB9SltCJSxXdCf25EnBYNzk/S6WmLim9N/cZt6cdyhBNlrRUJDNtq4Ch90YCH2P jWEaw5Xh50w1geWkrHPAT0brWAtDFwyGmCdY8l90YevtPUQqgaH9i4Z++5xEROLp aWro+4n+L1gyZP8SvIyd/mxqtRiO3yBV3epgnQLR5lrXRqAdSrFnz1DEulQ+h/Z/ 2DDJKKNRHeA|N3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce