VARIoT IoT vulnerabilities database
| VAR-202203-1789 | CVE-2022-26640 | Classic buffer overflow vulnerability in TL-WR840N firmware of TP-LINK Technologies |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. The TL-WR840N firmware of TP-LINK Technologies has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-1729 | CVE-2022-26641 | Classic buffer overflow vulnerability in TL-WR840N firmware of TP-LINK Technologies |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. The TL-WR840N firmware of TP-LINK Technologies has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-1871 | CVE-2022-25757 | Apache Apisix Input Validation Error Vulnerability |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson chooses the last occurring value as the result. By passing JSON with a duplicate key, an attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems that satisfy the three conditions below are affected by this attack: 1. they use body_schema validation in the request-validation plugin; 2. the upstream application uses a special JSON library that chooses the first occurring value, like jsoniter or gojay; 3. the upstream application does not validate the input again. The fix in APISIX is to re-encode the validated JSON input back into the request body on the APISIX side. This issue affects Apache APISIX version 2.12.1 and prior versions. It may be in a denial-of-service (DoS) state. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system.
| VAR-202203-1850 | CVE-2022-26639 | Classic buffer overflow vulnerability in TL-WR840N firmware of TP-LINK Technologies |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. The TL-WR840N firmware of TP-LINK Technologies has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TP-LINK TL-WR840N is a wireless router. Attackers can use this vulnerability to cause program failure, system downtime, restart and other consequences.
| VAR-202203-1742 | CVE-2022-26258 | Vulnerabilities in dir-820l firmware of D-Link Japan Co., Ltd. |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via HTTP POST to get set ccp. Unspecified vulnerabilities exist in the dir-820l firmware of D-Link Japan Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link Dir-820L is a dual-band wireless router from China D-Link company.
D-Link DIR-820L 1.05B03 has security vulnerabilities, and no detailed vulnerability details are currently provided.
| VAR-202203-1795 | CVE-2021-44127 | Vulnerabilities in dap-1360f1 firmware of D-Link Japan Co., Ltd. |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. Unspecified vulnerabilities exist in the dap-1360f1 firmware of D-Link Japan Co., Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DAP-1360 is a router from China D-Link company.
There is a security vulnerability in DLink DAP-1360 F1 firmware.
| VAR-202203-1743 | CVE-2022-27946 | OS command injection vulnerability in netgear R8500 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. An OS command injection vulnerability exists in the netgear R8500 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R8500 is a wireless router from Netgear.
| VAR-202203-1962 | CVE-2022-27945 | OS command injection vulnerability in netgear R8500 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. An OS command injection vulnerability exists in the netgear R8500 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R8500 is a wireless router from Netgear.
| VAR-202203-2061 | CVE-2022-27947 | OS command injection vulnerability in netgear R8500 firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. An OS command injection vulnerability exists in the netgear R8500 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR R8500 is a wireless router from Netgear.
| VAR-202203-1802 | CVE-2021-44905 | Improper default permissions vulnerability in fortessa ftbtld firmware of cef |
CVSS V2: 8.5 CVSS V3: 8.2 Severity: HIGH |
Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allows a remote attacker to disable the lock via an unauthenticated edit to the lock name. A vulnerability related to improper default permissions exists in the fortessa ftbtld firmware of cef. Information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202203-1921 | CVE-2022-1096 | Type confusion vulnerabilities in multiple Rockwell Automation products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The following vulnerability exists in multiple products provided by Rockwell Automation: * Type confusion (CWE-843) - CVE-2022-1096. If the vulnerability is exploited, the following may result: * A local third party may use the Chromium web browser vulnerability to cause a denial of service (DoS) - CVE-2022-1096.
=========================================================================
Ubuntu Security Notice USN-5350-1
March 28, 2022
chromium-browser vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Chromium could be made to execute arbitrary code if it received a specially
crafted input.
Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
chromium-browser 99.0.4844.84-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-5350-1
CVE-2022-1096
Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1
.
For the stable distribution (bullseye), this problem has been fixed in
version 99.0.4844.84-1~deb11u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372
ID: 202208-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.
Background
=========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-qt/qtwebengine < 5.15.5_p20220618 >= 5.15.5_p20220618
2 www-client/chromium < 103.0.5060.53 >= 103.0.5060.53
3 www-client/google-chrome < 103.0.5060.53 >= 103.0.5060.53
4 www-client/microsoft-edge < 101.0.1210.47 >= 101.0.1210.47
Description
==========
Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All Chromium binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"
All Google Chrome users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"
All Microsoft Edge users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-101.0.1210.47"
All QtWebEngine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"
References
=========
[ 1 ] CVE-2021-4052
https://nvd.nist.gov/vuln/detail/CVE-2021-4052
[ 2 ] CVE-2021-4053
https://nvd.nist.gov/vuln/detail/CVE-2021-4053
[ 3 ] CVE-2021-4054
https://nvd.nist.gov/vuln/detail/CVE-2021-4054
[ 4 ] CVE-2021-4055
https://nvd.nist.gov/vuln/detail/CVE-2021-4055
[ 5 ] CVE-2021-4056
https://nvd.nist.gov/vuln/detail/CVE-2021-4056
[ 6 ] CVE-2021-4057
https://nvd.nist.gov/vuln/detail/CVE-2021-4057
[ 7 ] CVE-2021-4058
https://nvd.nist.gov/vuln/detail/CVE-2021-4058
[ 8 ] CVE-2021-4059
https://nvd.nist.gov/vuln/detail/CVE-2021-4059
[ 9 ] CVE-2021-4061
https://nvd.nist.gov/vuln/detail/CVE-2021-4061
[ 10 ] CVE-2021-4062
https://nvd.nist.gov/vuln/detail/CVE-2021-4062
[ 11 ] CVE-2021-4063
https://nvd.nist.gov/vuln/detail/CVE-2021-4063
[ 12 ] CVE-2021-4064
https://nvd.nist.gov/vuln/detail/CVE-2021-4064
[ 13 ] CVE-2021-4065
https://nvd.nist.gov/vuln/detail/CVE-2021-4065
[ 14 ] CVE-2021-4066
https://nvd.nist.gov/vuln/detail/CVE-2021-4066
[ 15 ] CVE-2021-4067
https://nvd.nist.gov/vuln/detail/CVE-2021-4067
[ 16 ] CVE-2021-4068
https://nvd.nist.gov/vuln/detail/CVE-2021-4068
[ 17 ] CVE-2021-4078
https://nvd.nist.gov/vuln/detail/CVE-2021-4078
[ 18 ] CVE-2021-4079
https://nvd.nist.gov/vuln/detail/CVE-2021-4079
[ 19 ] CVE-2021-30551
https://nvd.nist.gov/vuln/detail/CVE-2021-30551
[ 20 ] CVE-2022-0789
https://nvd.nist.gov/vuln/detail/CVE-2022-0789
[ 21 ] CVE-2022-0790
https://nvd.nist.gov/vuln/detail/CVE-2022-0790
[ 22 ] CVE-2022-0791
https://nvd.nist.gov/vuln/detail/CVE-2022-0791
[ 23 ] CVE-2022-0792
https://nvd.nist.gov/vuln/detail/CVE-2022-0792
[ 24 ] CVE-2022-0793
https://nvd.nist.gov/vuln/detail/CVE-2022-0793
[ 25 ] CVE-2022-0794
https://nvd.nist.gov/vuln/detail/CVE-2022-0794
[ 26 ] CVE-2022-0795
https://nvd.nist.gov/vuln/detail/CVE-2022-0795
[ 27 ] CVE-2022-0796
https://nvd.nist.gov/vuln/detail/CVE-2022-0796
[ 28 ] CVE-2022-0797
https://nvd.nist.gov/vuln/detail/CVE-2022-0797
[ 29 ] CVE-2022-0798
https://nvd.nist.gov/vuln/detail/CVE-2022-0798
[ 30 ] CVE-2022-0799
https://nvd.nist.gov/vuln/detail/CVE-2022-0799
[ 31 ] CVE-2022-0800
https://nvd.nist.gov/vuln/detail/CVE-2022-0800
[ 32 ] CVE-2022-0801
https://nvd.nist.gov/vuln/detail/CVE-2022-0801
[ 33 ] CVE-2022-0802
https://nvd.nist.gov/vuln/detail/CVE-2022-0802
[ 34 ] CVE-2022-0803
https://nvd.nist.gov/vuln/detail/CVE-2022-0803
[ 35 ] CVE-2022-0804
https://nvd.nist.gov/vuln/detail/CVE-2022-0804
[ 36 ] CVE-2022-0805
https://nvd.nist.gov/vuln/detail/CVE-2022-0805
[ 37 ] CVE-2022-0806
https://nvd.nist.gov/vuln/detail/CVE-2022-0806
[ 38 ] CVE-2022-0807
https://nvd.nist.gov/vuln/detail/CVE-2022-0807
[ 39 ] CVE-2022-0808
https://nvd.nist.gov/vuln/detail/CVE-2022-0808
[ 40 ] CVE-2022-0809
https://nvd.nist.gov/vuln/detail/CVE-2022-0809
[ 41 ] CVE-2022-0971
https://nvd.nist.gov/vuln/detail/CVE-2022-0971
[ 42 ] CVE-2022-0972
https://nvd.nist.gov/vuln/detail/CVE-2022-0972
[ 43 ] CVE-2022-0973
https://nvd.nist.gov/vuln/detail/CVE-2022-0973
[ 44 ] CVE-2022-0974
https://nvd.nist.gov/vuln/detail/CVE-2022-0974
[ 45 ] CVE-2022-0975
https://nvd.nist.gov/vuln/detail/CVE-2022-0975
[ 46 ] CVE-2022-0976
https://nvd.nist.gov/vuln/detail/CVE-2022-0976
[ 47 ] CVE-2022-0977
https://nvd.nist.gov/vuln/detail/CVE-2022-0977
[ 48 ] CVE-2022-0978
https://nvd.nist.gov/vuln/detail/CVE-2022-0978
[ 49 ] CVE-2022-0979
https://nvd.nist.gov/vuln/detail/CVE-2022-0979
[ 50 ] CVE-2022-0980
https://nvd.nist.gov/vuln/detail/CVE-2022-0980
[ 51 ] CVE-2022-1096
https://nvd.nist.gov/vuln/detail/CVE-2022-1096
[ 52 ] CVE-2022-1125
https://nvd.nist.gov/vuln/detail/CVE-2022-1125
[ 53 ] CVE-2022-1127
https://nvd.nist.gov/vuln/detail/CVE-2022-1127
[ 54 ] CVE-2022-1128
https://nvd.nist.gov/vuln/detail/CVE-2022-1128
[ 55 ] CVE-2022-1129
https://nvd.nist.gov/vuln/detail/CVE-2022-1129
[ 56 ] CVE-2022-1130
https://nvd.nist.gov/vuln/detail/CVE-2022-1130
[ 57 ] CVE-2022-1131
https://nvd.nist.gov/vuln/detail/CVE-2022-1131
[ 58 ] CVE-2022-1132
https://nvd.nist.gov/vuln/detail/CVE-2022-1132
[ 59 ] CVE-2022-1133
https://nvd.nist.gov/vuln/detail/CVE-2022-1133
[ 60 ] CVE-2022-1134
https://nvd.nist.gov/vuln/detail/CVE-2022-1134
[ 61 ] CVE-2022-1135
https://nvd.nist.gov/vuln/detail/CVE-2022-1135
[ 62 ] CVE-2022-1136
https://nvd.nist.gov/vuln/detail/CVE-2022-1136
[ 63 ] CVE-2022-1137
https://nvd.nist.gov/vuln/detail/CVE-2022-1137
[ 64 ] CVE-2022-1138
https://nvd.nist.gov/vuln/detail/CVE-2022-1138
[ 65 ] CVE-2022-1139
https://nvd.nist.gov/vuln/detail/CVE-2022-1139
[ 66 ] CVE-2022-1141
https://nvd.nist.gov/vuln/detail/CVE-2022-1141
[ 67 ] CVE-2022-1142
https://nvd.nist.gov/vuln/detail/CVE-2022-1142
[ 68 ] CVE-2022-1143
https://nvd.nist.gov/vuln/detail/CVE-2022-1143
[ 69 ] CVE-2022-1144
https://nvd.nist.gov/vuln/detail/CVE-2022-1144
[ 70 ] CVE-2022-1145
https://nvd.nist.gov/vuln/detail/CVE-2022-1145
[ 71 ] CVE-2022-1146
https://nvd.nist.gov/vuln/detail/CVE-2022-1146
[ 72 ] CVE-2022-1232
https://nvd.nist.gov/vuln/detail/CVE-2022-1232
[ 73 ] CVE-2022-1305
https://nvd.nist.gov/vuln/detail/CVE-2022-1305
[ 74 ] CVE-2022-1306
https://nvd.nist.gov/vuln/detail/CVE-2022-1306
[ 75 ] CVE-2022-1307
https://nvd.nist.gov/vuln/detail/CVE-2022-1307
[ 76 ] CVE-2022-1308
https://nvd.nist.gov/vuln/detail/CVE-2022-1308
[ 77 ] CVE-2022-1309
https://nvd.nist.gov/vuln/detail/CVE-2022-1309
[ 78 ] CVE-2022-1310
https://nvd.nist.gov/vuln/detail/CVE-2022-1310
[ 79 ] CVE-2022-1311
https://nvd.nist.gov/vuln/detail/CVE-2022-1311
[ 80 ] CVE-2022-1312
https://nvd.nist.gov/vuln/detail/CVE-2022-1312
[ 81 ] CVE-2022-1313
https://nvd.nist.gov/vuln/detail/CVE-2022-1313
[ 82 ] CVE-2022-1314
https://nvd.nist.gov/vuln/detail/CVE-2022-1314
[ 83 ] CVE-2022-1364
https://nvd.nist.gov/vuln/detail/CVE-2022-1364
[ 84 ] CVE-2022-1477
https://nvd.nist.gov/vuln/detail/CVE-2022-1477
[ 85 ] CVE-2022-1478
https://nvd.nist.gov/vuln/detail/CVE-2022-1478
[ 86 ] CVE-2022-1479
https://nvd.nist.gov/vuln/detail/CVE-2022-1479
[ 87 ] CVE-2022-1480
https://nvd.nist.gov/vuln/detail/CVE-2022-1480
[ 88 ] CVE-2022-1481
https://nvd.nist.gov/vuln/detail/CVE-2022-1481
[ 89 ] CVE-2022-1482
https://nvd.nist.gov/vuln/detail/CVE-2022-1482
[ 90 ] CVE-2022-1483
https://nvd.nist.gov/vuln/detail/CVE-2022-1483
[ 91 ] CVE-2022-1484
https://nvd.nist.gov/vuln/detail/CVE-2022-1484
[ 92 ] CVE-2022-1485
https://nvd.nist.gov/vuln/detail/CVE-2022-1485
[ 93 ] CVE-2022-1486
https://nvd.nist.gov/vuln/detail/CVE-2022-1486
[ 94 ] CVE-2022-1487
https://nvd.nist.gov/vuln/detail/CVE-2022-1487
[ 95 ] CVE-2022-1488
https://nvd.nist.gov/vuln/detail/CVE-2022-1488
[ 96 ] CVE-2022-1489
https://nvd.nist.gov/vuln/detail/CVE-2022-1489
[ 97 ] CVE-2022-1490
https://nvd.nist.gov/vuln/detail/CVE-2022-1490
[ 98 ] CVE-2022-1491
https://nvd.nist.gov/vuln/detail/CVE-2022-1491
[ 99 ] CVE-2022-1492
https://nvd.nist.gov/vuln/detail/CVE-2022-1492
[ 100 ] CVE-2022-1493
https://nvd.nist.gov/vuln/detail/CVE-2022-1493
[ 101 ] CVE-2022-1494
https://nvd.nist.gov/vuln/detail/CVE-2022-1494
[ 102 ] CVE-2022-1495
https://nvd.nist.gov/vuln/detail/CVE-2022-1495
[ 103 ] CVE-2022-1496
https://nvd.nist.gov/vuln/detail/CVE-2022-1496
[ 104 ] CVE-2022-1497
https://nvd.nist.gov/vuln/detail/CVE-2022-1497
[ 105 ] CVE-2022-1498
https://nvd.nist.gov/vuln/detail/CVE-2022-1498
[ 106 ] CVE-2022-1499
https://nvd.nist.gov/vuln/detail/CVE-2022-1499
[ 107 ] CVE-2022-1500
https://nvd.nist.gov/vuln/detail/CVE-2022-1500
[ 108 ] CVE-2022-1501
https://nvd.nist.gov/vuln/detail/CVE-2022-1501
[ 109 ] CVE-2022-1633
https://nvd.nist.gov/vuln/detail/CVE-2022-1633
[ 110 ] CVE-2022-1634
https://nvd.nist.gov/vuln/detail/CVE-2022-1634
[ 111 ] CVE-2022-1635
https://nvd.nist.gov/vuln/detail/CVE-2022-1635
[ 112 ] CVE-2022-1636
https://nvd.nist.gov/vuln/detail/CVE-2022-1636
[ 113 ] CVE-2022-1637
https://nvd.nist.gov/vuln/detail/CVE-2022-1637
[ 114 ] CVE-2022-1639
https://nvd.nist.gov/vuln/detail/CVE-2022-1639
[ 115 ] CVE-2022-1640
https://nvd.nist.gov/vuln/detail/CVE-2022-1640
[ 116 ] CVE-2022-1641
https://nvd.nist.gov/vuln/detail/CVE-2022-1641
[ 117 ] CVE-2022-1853
https://nvd.nist.gov/vuln/detail/CVE-2022-1853
[ 118 ] CVE-2022-1854
https://nvd.nist.gov/vuln/detail/CVE-2022-1854
[ 119 ] CVE-2022-1855
https://nvd.nist.gov/vuln/detail/CVE-2022-1855
[ 120 ] CVE-2022-1856
https://nvd.nist.gov/vuln/detail/CVE-2022-1856
[ 121 ] CVE-2022-1857
https://nvd.nist.gov/vuln/detail/CVE-2022-1857
[ 122 ] CVE-2022-1858
https://nvd.nist.gov/vuln/detail/CVE-2022-1858
[ 123 ] CVE-2022-1859
https://nvd.nist.gov/vuln/detail/CVE-2022-1859
[ 124 ] CVE-2022-1860
https://nvd.nist.gov/vuln/detail/CVE-2022-1860
[ 125 ] CVE-2022-1861
https://nvd.nist.gov/vuln/detail/CVE-2022-1861
[ 126 ] CVE-2022-1862
https://nvd.nist.gov/vuln/detail/CVE-2022-1862
[ 127 ] CVE-2022-1863
https://nvd.nist.gov/vuln/detail/CVE-2022-1863
[ 128 ] CVE-2022-1864
https://nvd.nist.gov/vuln/detail/CVE-2022-1864
[ 129 ] CVE-2022-1865
https://nvd.nist.gov/vuln/detail/CVE-2022-1865
[ 130 ] CVE-2022-1866
https://nvd.nist.gov/vuln/detail/CVE-2022-1866
[ 131 ] CVE-2022-1867
https://nvd.nist.gov/vuln/detail/CVE-2022-1867
[ 132 ] CVE-2022-1868
https://nvd.nist.gov/vuln/detail/CVE-2022-1868
[ 133 ] CVE-2022-1869
https://nvd.nist.gov/vuln/detail/CVE-2022-1869
[ 134 ] CVE-2022-1870
https://nvd.nist.gov/vuln/detail/CVE-2022-1870
[ 135 ] CVE-2022-1871
https://nvd.nist.gov/vuln/detail/CVE-2022-1871
[ 136 ] CVE-2022-1872
https://nvd.nist.gov/vuln/detail/CVE-2022-1872
[ 137 ] CVE-2022-1873
https://nvd.nist.gov/vuln/detail/CVE-2022-1873
[ 138 ] CVE-2022-1874
https://nvd.nist.gov/vuln/detail/CVE-2022-1874
[ 139 ] CVE-2022-1875
https://nvd.nist.gov/vuln/detail/CVE-2022-1875
[ 140 ] CVE-2022-1876
https://nvd.nist.gov/vuln/detail/CVE-2022-1876
[ 141 ] CVE-2022-2007
https://nvd.nist.gov/vuln/detail/CVE-2022-2007
[ 142 ] CVE-2022-2010
https://nvd.nist.gov/vuln/detail/CVE-2022-2010
[ 143 ] CVE-2022-2011
https://nvd.nist.gov/vuln/detail/CVE-2022-2011
[ 144 ] CVE-2022-2156
https://nvd.nist.gov/vuln/detail/CVE-2022-2156
[ 145 ] CVE-2022-2157
https://nvd.nist.gov/vuln/detail/CVE-2022-2157
[ 146 ] CVE-2022-2158
https://nvd.nist.gov/vuln/detail/CVE-2022-2158
[ 147 ] CVE-2022-2160
https://nvd.nist.gov/vuln/detail/CVE-2022-2160
[ 148 ] CVE-2022-2161
https://nvd.nist.gov/vuln/detail/CVE-2022-2161
[ 149 ] CVE-2022-2162
https://nvd.nist.gov/vuln/detail/CVE-2022-2162
[ 150 ] CVE-2022-2163
https://nvd.nist.gov/vuln/detail/CVE-2022-2163
[ 151 ] CVE-2022-2164
https://nvd.nist.gov/vuln/detail/CVE-2022-2164
[ 152 ] CVE-2022-2165
https://nvd.nist.gov/vuln/detail/CVE-2022-2165
[ 153 ] CVE-2022-22021
https://nvd.nist.gov/vuln/detail/CVE-2022-22021
[ 154 ] CVE-2022-24475
https://nvd.nist.gov/vuln/detail/CVE-2022-24475
[ 155 ] CVE-2022-24523
https://nvd.nist.gov/vuln/detail/CVE-2022-24523
[ 156 ] CVE-2022-26891
https://nvd.nist.gov/vuln/detail/CVE-2022-26891
[ 157 ] CVE-2022-26894
https://nvd.nist.gov/vuln/detail/CVE-2022-26894
[ 158 ] CVE-2022-26895
https://nvd.nist.gov/vuln/detail/CVE-2022-26895
[ 159 ] CVE-2022-26900
https://nvd.nist.gov/vuln/detail/CVE-2022-26900
[ 160 ] CVE-2022-26905
https://nvd.nist.gov/vuln/detail/CVE-2022-26905
[ 161 ] CVE-2022-26908
https://nvd.nist.gov/vuln/detail/CVE-2022-26908
[ 162 ] CVE-2022-26909
https://nvd.nist.gov/vuln/detail/CVE-2022-26909
[ 163 ] CVE-2022-26912
https://nvd.nist.gov/vuln/detail/CVE-2022-26912
[ 164 ] CVE-2022-29144
https://nvd.nist.gov/vuln/detail/CVE-2022-29144
[ 165 ] CVE-2022-29146
https://nvd.nist.gov/vuln/detail/CVE-2022-29146
[ 166 ] CVE-2022-29147
https://nvd.nist.gov/vuln/detail/CVE-2022-29147
[ 167 ] CVE-2022-30127
https://nvd.nist.gov/vuln/detail/CVE-2022-30127
[ 168 ] CVE-2022-30128
https://nvd.nist.gov/vuln/detail/CVE-2022-30128
[ 169 ] CVE-2022-30192
https://nvd.nist.gov/vuln/detail/CVE-2022-30192
[ 170 ] CVE-2022-33638
https://nvd.nist.gov/vuln/detail/CVE-2022-33638
[ 171 ] CVE-2022-33639
https://nvd.nist.gov/vuln/detail/CVE-2022-33639
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-25
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202203-1690 | CVE-2018-25032 | zlib Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Bugs fixed (https://bugzilla.redhat.com/):
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213257.
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26772: an anonymous researcher
AMD
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2022-26741: ABC Research s.r.o
CVE-2022-26742: ABC Research s.r.o
CVE-2022-26749: ABC Research s.r.o
CVE-2022-26750: ABC Research s.r.o
CVE-2022-26752: ABC Research s.r.o
CVE-2022-26753: ABC Research s.r.o
CVE-2022-26754: ABC Research s.r.o
apache
Available for: macOS Monterey
Impact: Multiple issues in apache
Description: Multiple issues were addressed by updating apache to
version 2.4.53.
CVE-2021-44224
CVE-2021-44790
CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
AppleGraphicsControl
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26736: an anonymous researcher
CVE-2022-26737: an anonymous researcher
CVE-2022-26738: an anonymous researcher
CVE-2022-26739: an anonymous researcher
CVE-2022-26740: an anonymous researcher
Contacts
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS
Available for: macOS Monterey
Impact: A malicious application may be able to gain root privileges
Description: A memory initialization issue was addressed.
CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori
CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow issue was addressed with improved
input validation.
CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Monterey
Impact: Photo location information may persist after it is removed
with Preview Inspector
Description: A logic issue was addressed with improved state
management.
CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro
Zero Day Initiative
Intel Graphics Driver
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved code execution in macOS
Recovery may be able to escalate to kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs
(@starlabs_sg)
Kernel
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel
Available for: macOS Monterey
Impact: An attacker that has already achieved kernel code execution
may be able to bypass kernel memory mitigations
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: macOS Monterey
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices
Available for: macOS Monterey
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions on third-party applications.
CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: The issue was addressed with additional permissions
checks.
CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)
of the Google Security Team
CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2022-0778
libxml2
Available for: macOS Monterey
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-23308
OpenSSL
Available for: macOS Monterey
Impact: Processing a maliciously crafted certificate may lead to a
denial of service
Description: This issue was addressed with improved checks.
CVE-2022-0778
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved entitlements.
CVE-2022-26727: Mickey Jin (@patch1t)
Preview
Available for: macOS Monterey
Impact: A plug-in may be able to inherit the application's
permissions and access user data
Description: This issue was addressed with improved checks.
CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing
Available for: macOS Monterey
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-26746: @gorelics
Safari Private Browsing
Available for: macOS Monterey
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A logic issue was addressed with improved state
management.
CVE-2022-26731: an anonymous researcher
Security
Available for: macOS Monterey
Impact: A malicious app may be able to bypass signature validation
Description: A certificate parsing issue was addressed with improved
checks.
CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB
Available for: macOS Monterey
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate
Available for: macOS Monterey
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the handling of symlinks
and was addressed with improved validation of symlinks.
CVE-2022-26704: an anonymous researcher
TCC
Available for: macOS Monterey
Impact: An app may be able to capture a user's screen
Description: This issue was addressed with improved checks.
CVE-2022-26726: an anonymous researcher
Tcl
Available for: macOS Monterey
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238178
CVE-2022-26700: ryuzaki
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 236950
CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 237475
CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit Bugzilla: 238171
CVE-2022-26717: Jeonghoon Shin of Theori
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 238183
CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab
WebKit Bugzilla: 238699
CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC
Available for: macOS Monterey
Impact: Video self-preview in a webRTC call may be interrupted if the
user answers a phone call
Description: A logic issue in the handling of concurrent media was
addressed with improved state handling.
WebKit Bugzilla: 237524
CVE-2022-22677: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may disclose restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-26745: an anonymous researcher
Wi-Fi
Available for: macOS Monterey
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2022-26762: Wang Yu of Cyberserval
zip
Available for: macOS Monterey
Impact: Processing a maliciously crafted file may lead to a denial of
service
Description: A denial of service issue was addressed with improved
state handling.
CVE-2022-0530
zlib
Available for: macOS Monterey
Impact: An attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-25032: Tavis Ormandy
zsh
Available for: macOS Monterey
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed by updating to zsh version
5.8.1.
CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
Bluetooth
We would like to acknowledge Jann Horn of Project Zero for their
assistance.
Calendar
We would like to acknowledge Eugene Lim of Government Technology
Agency of Singapore for their assistance.
FaceTime
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
FileVault
We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH
for their assistance.
Login Window
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Photo Booth
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
System Preferences
We would like to acknowledge Mohammad Tausif Siddiqui
(@toshsiddiqui), an anonymous researcher for their assistance.
WebKit
We would like to acknowledge James Lee, an anonymous researcher for
their assistance.
Wi-Fi
We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
. 9) - aarch64, ppc64le, s390x, x86_64
3. Description:
The rsync utility enables the users to copy and synchronize files locally
or across a network. Synchronization with rsync is fast because rsync only
sends the differences in files over the network instead of sending whole
files. The rsync utility is also used as a mirroring tool.
Bugs fixed (https://bugzilla.redhat.com/):
2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
Advisory ID: RHSA-2022:4896-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4896
Issue date: 2022-06-03
CVE Names: CVE-2018-25032 CVE-2021-4028 CVE-2021-4083
CVE-2022-0778 CVE-2022-1271 CVE-2022-24903
CVE-2022-25636
====================================================================
1. Summary:
An update for imgbased, redhat-release-virtualization-host, and
redhat-virtualization-host is now available for Red Hat Virtualization 4
for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64
3. Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization
Host. These packages include redhat-release-virtualization-host,
ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are
installed using a special build of Red Hat Enterprise Linux with only the
packages required to host virtual machines. RHVH features a Cockpit user
interface for monitoring the host's resources and performing administrative
tasks.
Security Fix(es):
* kernel: use-after-free in RDMA listen() (CVE-2021-4028)
* kernel: fget: check that the fd still exists after getting a ref to it
(CVE-2021-4083)
* kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing
certificates (CVE-2022-0778)
* zlib: A flaw found in zlib when compressing (not decompressing) certain
inputs (CVE-2018-25032)
* gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
* rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fixes:
* elfutils package has been updated within RHV-H Channel to match the same
version released in RHEL (BZ#2038081)
* Rebase package(s) to version 1.2.24
For highlights, important fixes, or notable enhancements: see bugs in
"Depend On". (BZ#2057338)
* Rebase package(s) to version: 4.5.0
Highlights, important fixes, or notable enhancements: (BZ#2057342)
* Rebase package(s) to version anaconda-33.16.6.6-1.el8
For highlights and important bug fixes: include UI change for blocking
installation if root password is not set. (BZ#1899821)
* Red Hat Virtualization Host has been rebased on Red Hat Enterprise Linux
8.6 (BZ#1997074)
* Previously, concurrent executions of LV refresh (lvchange) failed. This
hindered simultaneous starts of virtual machines that have thin-provisioned
disks based on the same disk on a block storage domain.
In this release, concurrent execution of LV refresh has been fixed in LVM2.
(BZ#2020497)
* Red Hat Virtualization Host has been rebased on latest Ceph 4.3
(BZ#2090138)
* In previous releases systemtap package could have been installed on top
of RHV-H from RHV-H channel. With 4.4 SP1 systemtap package installation is
not supported anymore (BZ#2052963)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/2974891
5. Bugs fixed (https://bugzilla.redhat.com/):
1899821 - RHVH 4.4.3 anaconda UI proceeds to begin installation without root password provided
1997074 - Rebase RHV-H on RHEL 8.6
2020497 - Need to include lvm2-2.03.14-1.el8
2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
2038081 - Upgrade elfutils to elfutils-0.186-1.el8
2052963 - [DOC] systemtap support dropped in RHV-H 4.4 SP1
2056334 - [RHVH-4.5.0] On UEFI machines, RHVH enters emergency mode when upgraded to 4.5.0
2056745 - sssd-ad can't be installed due to missing deps libsss_idmap
2056830 - CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c
2057338 - Upgrade imgbased to 1.2.24
2057342 - Upgrade redhat-release-virtualization-host to 4.5.0
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability
2081353 - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
2086834 - Cannot install sssd daemon needed for AD Authentication
2090138 - Rebase RHV-H on Ceph 4.3
6. Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source:
elfutils-0.186-1.el8.src.rpm
redhat-virtualization-host-4.5.0-202205291010_8.6.src.rpm
x86_64:
elfutils-debuginfo-0.186-1.el8.x86_64.rpm
elfutils-debuginfod-client-0.186-1.el8.x86_64.rpm
elfutils-debuginfod-client-debuginfo-0.186-1.el8.x86_64.rpm
elfutils-debuginfod-debuginfo-0.186-1.el8.x86_64.rpm
elfutils-debugsource-0.186-1.el8.x86_64.rpm
elfutils-devel-0.186-1.el8.x86_64.rpm
elfutils-libelf-debuginfo-0.186-1.el8.x86_64.rpm
elfutils-libs-debuginfo-0.186-1.el8.x86_64.rpm
redhat-virtualization-host-image-update-4.5.0-202205291010_8.6.x86_64.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source:
imgbased-1.2.24-1.el8ev.src.rpm
ovirt-node-ng-4.4.2-1.el8ev.src.rpm
redhat-release-virtualization-host-4.5.0-5.el8ev.src.rpm
redhat-virtualization-host-productimg-4.5.0-2.el8.src.rpm
noarch:
imgbased-1.2.24-1.el8ev.noarch.rpm
ovirt-node-ng-nodectl-4.4.2-1.el8ev.noarch.rpm
python3-imgbased-1.2.24-1.el8ev.noarch.rpm
python3-ovirt-node-ng-nodectl-4.4.2-1.el8ev.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.5.0-5.el8ev.noarch.rpm
x86_64:
redhat-release-virtualization-host-4.5.0-5.el8ev.x86_64.rpm
redhat-release-virtualization-host-content-4.5.0-5.el8ev.x86_64.rpm
redhat-virtualization-host-productimg-4.5.0-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-4028
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-24903
https://access.redhat.com/security/cve/CVE-2022-25636
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
7.4) - x86_64
3. Description:
The zlib packages provide a general-purpose lossless data compression
library that is used by many different programs.
Solution:
For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.4, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4]
LOG-2442 - Log file metric exporter not working with /var/log/pods
LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector.
This advisory contains the following OpenShift Virtualization 4.11.0
images:
RHEL-8-CNV-4.11
==============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache
(CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs
(CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS
(CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field
elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bugs fixed (https://bugzilla.redhat.com/):
1937609 - VM cannot be restarted
1945593 - Live migration should be blocked for VMs with host devices
1968514 - [RFE] Add cancel migration action to virtctl
1993109 - CNV MacOS Client not signed
1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
2001385 - no "name" label in virt-operator pod
2009793 - KBase to clarify nested support status is missing
2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
2026357 - Migration in sequence can be reported as failed even when it succeeded
2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031857 - Add annotation for URL to download the image
2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2035344 - kubemacpool-mac-controller-manager not ready
2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
2042402 - LiveMigration with postcopy misbehave when failure occurs
2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047186 - When entering to a RH supported template, it changes the project (namespace) to "OpenShift"
2051899 - 4.11.0 containers
2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
2052466 - Event does not include reason for inability to live migrate
2052689 - Overhead Memory consumption calculations are incorrect
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056467 - virt-template-validator pods getting scheduled on the same node
2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
2057310 - qemu-guest-agent does not report information due to selinux denials
2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
2060585 - [SNO] Failed to find the virt-controller leader pod
2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
2063792 - No DataImportCron for CentOS 7
2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2064936 - Migration of vm from VMware reports pvc not large enough
2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
2069287 - Two annotations for VM Template provider name
2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2070864 - non-privileged user cannot see catalog tiles
2071488 - "Migrate Node to Node" is confusing.
2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
2071611 - Metrics documentation generators are missing metrics/recording rules
2071921 - Kubevirt RPM is not being built
2073669 - [rhel-9] VM fails to start
2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
2074337 - VM created from registry cannot be started
2075200 - VLAN filtering cannot be configured with Intel X710
2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
2076790 - Alert SSPDown is constantly in Firing state
2076908 - clicking on a template in the Running VMs per Template card leads to 404
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2078700 - Windows template boot source should be blank
2078703 - [RFE] Please hide the user defined password when customizing cloud-init
2078709 - VM conditions column have wrong key/values
2078728 - Common template rootDisk is not named correctly
2079366 - rootdisk is not able to edit
2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
2079783 - Actions are broken in topology view
2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
2080833 - Missing cloud init script editor in the scripts tab
2080835 - SSH key is set using cloud init script instead of new api
2081182 - VM SSH command generated by UI points at api VIP
2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
2081671 - SSH service created outside the UI is not discoverable
2081831 - [RFE] Improve disk hotplug UX
2082008 - LiveMigration fails due to loss of connection to destination host
2082164 - Migration progress timeout expects absolute progress
2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
2083093 - VM overview tab is crashed
2083097 - "Mount Windows drivers disk" should not show when the template is not "windows"
2083100 - Something keeps loading in the "node selector" modal
2083101 - "Restore default settings" never become available while editing CPU/Memory
2083135 - VM fails to schedule with vTPM in spec
2083256 - SSP Reconcile logging improvement when CR resources are changed
2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
2084418 - "Invalid SSH public key format" appears when drag ssh key file to "Authorized SSH Key" field
2084431 - User credentials for ssh is not in correct format
2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
2084532 - Console is crashed while detaching disk
2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
2085320 - Tolerations rules is not adding correctly
2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
2086278 - Cloud init script edit add " hostname='' " when is should not be added
2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
2086303 - non-priv user can't create VM when namespace is not selected
2086479 - some modals use "Save" and some modals use "Submit"
2086486 - cluster overview getting started card include old information
2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
2086825 - VM restore PVC uses exact source PVC request size
2086849 - Create from YAML example is not runnable
2087188 - When VM is stopped - adding disk failed to show
2087189 - When VM is stopped - adding disk failed to show
2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2087546 - "Quick Starts" is missing in Getting started card
2087547 - Activity and Status card are missing in Virtualization Overview
2087559 - template in "VMs per template" should take user to vm list page
2087566 - Remove the "auto upload" label from template in the catalog if the auto-upload boot source not exists
2087570 - Page title should be "VirtualMachines" and not "Virtual Machines"
2087577 - "VMs per template" load time is a bit long
2087578 - Terminology "VM" should be "Virtual Machine" in all places
2087582 - Remove VMI and MTV from the navigation
2087583 - [RFE] Show more info about boot source in template list
2087584 - Template provider should not be mandatory
2087587 - Improve the descriptive text in the kebab menu of template
2087589 - Red icons shows in storage disk source selection without a good reason
2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
2087593 - "Boot method" is not a good name in overview tab
2087603 - Align details card for single VM overview with the design doc
2087616 - align the utilization card of single VM overview with the design
2087701 - [RFE] Missing a link to VMI from running VM details page
2087717 - Message when editing template boot source is wrong
2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
2088355 - disk modal shows all storage classes as default
2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
2088407 - Missing create button in the template list
2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
2089271 - Virtualization appears twice in sidebar
2089327 - add network modal crash when no networks available
2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
2089477 - [RFE] Allow upload source when adding VM disk
2089700 - Drive column in Disks card of Overview page has duplicated values
2089745 - When removing all disks from customize wizard app crashes
2089789 - Add windows drivers disk is missing when template is not windows
2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
2089840 - Can't create snapshot if VM is without disks
2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
2089954 - Details card on single VM overview - VNC console has grey padding
2089963 - Details card on single VM overview - Operating system info is not available
2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
2089970 - Network Interfaces card on single VM overview - IP tooltip
2089972 - Disks card on single VM overview -typo
2089979 - Single VM Details - CPU|Memory edit icon misplaced
2089982 - Single VM Details - SSH modal has redundant VM name
2090035 - Alert card is missing in single VM overview
2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
2090037 - Add template link in single vm overview details card
2090038 - The update field under the version in overview should be consistent with the operator page
2090042 - Move the edit button close to the text for "boot order" and "ssh access"
2090043 - "No resource selected" in vm boot order
2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
2090048 - "Boot mode" should be editable while VM is running
2090054 - Services "kubernetes" and "openshift" should not be listed in vm details
2090055 - Add link to vm template in vm details page
2090056 - "Something went wrong" shows on VM "Environment" tab
2090057 - "?" icon is too big in environment and disk tab
2090059 - Failed to add configmap in environment tab due to validate error
2090064 - Miss "remote desktop" in console dropdown list for windows VM
2090066 - [RFE] Improve guest login credentials
2090068 - Make the "name" and "Source" column wider in vm disk tab
2090131 - Key's value in "add affinity rule" modal is too small
2090350 - memory leak in virt-launcher process
2091003 - SSH service is not deleted along the VM
2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
2091406 - wrong template namespace label when creating a vm with wizard
2091754 - Scheduling and scripts tab should be editable while the VM is running
2091755 - Change bottom "Save" to "Apply" on cloud-init script form
2091756 - The root disk of cloned template should be editable
2091758 - "OS" should be "Operating system" in template filter
2091760 - The provider should be empty if it's not set during cloning
2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
2091762 - Move notification above the tabs in template details page
2091764 - Clone a template should lead to the template details
2091765 - "Edit bootsource" is keeping in load in template actions dropdown
2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
2091863 - BootSource edit modal should list affected templates
2091868 - Catalog list view has two columns named "BootSource"
2091889 - Devices should be editable for customize template
2091897 - username is missing in the generated ssh command
2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
2091940 - SSH is not enabled in vm details after restart the VM
2091945 - delete a template should lead to templates list
2091946 - Add disk modal shows wrong units
2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
2092052 - Virtualization should be omitted in Catalog breadcrumbs
2092071 - Getting started card in Virtualization overview can not be hidden.
2092079 - Error message stays even when problematic field is dismissed
2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
2092228 - Ensure Machine Type for new VMs is 8.6
2092230 - [RFE] Add indication/mark to deprecated template
2092306 - VM is stuck with WaitingForVolumeBinding if creating via "Boot from CD"
2092337 - os is empty in VM details page
2092359 - [e2e] data-test-id includes all pvc name
2092654 - [RFE] No obvious way to delete the ssh key from the VM
2092662 - No url example for rhel and windows template
2092663 - no hyperlink for URL example in disk source "url"
2092664 - no hyperlink to the cdi uploadproxy URL
2092781 - Details card should be removed for non admins.
2092783 - Top consumers' card should be removed for non admins.
2092787 - Operators links should be removed from Getting started card
2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
2092951 - "Edit BootSource" action should have more explicit information when disabled
2093282 - Remove links to 'all-namespaces/' for non-privileged user
2093691 - Creation flow drawer left padding is broken
2093713 - Required fields in creation flow should be highlighted if empty
2093715 - Optional parameters section in creation flow is missing bottom padding
2093716 - CPU|Memory modal button should say "Restore template settings"
2093772 - Add a service in environment it reminds a pending change in boot order
2093773 - Console crashed if adding a service without serial number
2093866 - Cannot create vm from the template `vm-template-example`
2093867 - OS for template 'vm-template-example' should matching the version of the image
2094202 - Cloud-init username field should have hint
2094207 - Cloud-init password field should have auto-generate option
2094208 - SSH key input is missing validation
2094217 - YAML view should reflect changes in SSH form
2094222 - "?" icon should be placed after red asterisk in required fields
2094323 - Workload profile should be editable in template details page
2094405 - adding resource on environment isn't showing on disks list when vm is running
2094440 - Utilization pie charts figures are not based on current data
2094451 - PVC selection in VM creation flow does not work for non-priv user
2094453 - CD Source selection in VM creation flow is missing Upload option
2094465 - Typo in Source tooltip
2094471 - Node selector modal for non-privileged user
2094481 - Tolerations modal for non-privileged user
2094486 - Add affinity rule modal
2094491 - Affinity rules modal button
2094495 - Descheduler modal has same text in two lines
2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
2094665 - Dedicated Resources modal for non-privileged user
2094678 - Secrets and ConfigMaps can't be added to Windows VM
2094727 - Creation flow should have VM info in header row
2094807 - hardware devices dropdown has group title even with no devices in cluster
2094813 - Cloudinit password is seen in wizard
2094848 - Details card on Overview page - 'View details' link is missing
2095125 - OS is empty in the clone modal
2095129 - "undefined" appears in rootdisk line in clone modal
2095224 - affinity modal for non-privileged users
2095529 - VM migration cancelation in kebab action should have shorter name
2095530 - Column sizes in VM list view
2095532 - Node column in VM list view is visible to non-privileged user
2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
2095570 - Details tab of VM should not have Node info for non-privileged user
2095573 - Disks created as environment or scripts should have proper label
2095953 - VNC console controls layout
2095955 - VNC console tabs
2096166 - Template "vm-template-example" is binding with namespace "default"
2096206 - Inconsistent capitalization in Template Actions
2096208 - Templates in the catalog list is not sorted
2096263 - Incorrectly displaying units for Disks size or Memory field in various places
2096333 - virtualization overview, related operators title is not aligned
2096492 - Cannot create vm from a cloned template if its boot source is edited
2096502 - "Restore template settings" should be removed from template CPU editor
2096510 - VM can be created without any disk
2096511 - Template shows "no Boot Source" and label "Source available" at the same time
2096620 - in templates list, edit boot reference kebab action opens a modal with different title
2096781 - Remove boot source provider while edit boot source reference
2096801 - vnc thumbnail in virtual machine overview should be active on page load
2096845 - Windows template's scripts tab is crashed
2097328 - virtctl guestfs shouldn't required uid = 0
2097370 - missing titles for optional parameters in wizard customization page
2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2098134 - "Workload profile" column is not showing completely in template list
2098135 - Workload is not showing correct in catalog after change the template's workload
2098282 - Javascript error when changing boot source of custom template to be an uploaded file
2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
2099533 - ConsoleQuickStart for HCO CR's VM is missing
2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
2099539 - No storage option for upload while editing a disk
2099566 - Cloudinit should be replaced by cloud-init in all places
2099608 - "DynamicB" shows in vm-example disk size
2099633 - Doc links needs to be updated
2099639 - Remove user line from the ssh command section
2099802 - Details card link shouldn't be hard-coded
2100054 - Windows VM with WSL2 guest fails to migrate
2100284 - Virtualization overview is crashed
2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101485 - Cloudinit should be replaced by cloud-init in all places
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2102122 - non-priv user cannot load dataSource while edit template's rootdisk
2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2102125 - vm clone modal is displaying DV size instead of PVC size
2102127 - Cannot add NIC to VM template as non-priv user
2102129 - All templates are labeling "source available" in template list page
2102131 - The number of hardware devices is not correct in vm overview tab
2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2102143 - vm clone modal is displaying DV size instead of PVC size
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102543 - Add button moved to right
2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102545 - VM filter has two "Other" checkboxes which are triggered together
2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2106175 - All pages are crashed after visit Virtualization -> Overview
2106258 - All pages are crashed after visit Virtualization -> Overview
2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111562 - kubevirt plugin console crashed after visit vmi page
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
5. Summary:
The Migration Toolkit for Containers (MTC) 1.7.2 is now available.
Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Bugs fixed (https://bugzilla.redhat.com/):
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
2038898 - [UI] "Update Repository" option not getting disabled after adding the Replication Repository details to the MTC web console
2040693 - "Replication repository" wizard has no validation for name length
2040695 - [MTC UI] "Add Cluster" wizard gets stuck when the cluster name length is more than 63 characters
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048537 - Exposed route host to image registry" connecting successfully to invalid registry "xyz.com"
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2055658 - [MTC UI] Cancel button on "Migrations" page does not disappear when migration gets Failed/Succeeded with warnings
2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace
2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the "Last State" field.
2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade
2061335 - [MTC UI] "Update cluster" button is not getting disabled
2062266 - MTC UI does not display logs properly [OADP-BL]
2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster's service account secret from backend
2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x
2076593 - Velero pod log missing from UI drop down
2076599 - Velero pod log missing from downloaded logs folder [OADP-BL]
2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan
2079252 - [MTC] Rsync options logs not visible in log-reader pod
2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI]
2082225 - non-numeric user when launching stage pods [OADP-BL]
2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments
2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods
2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels
2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL]
2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts
2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL]
2096939 - Fix legacy operator.yml inconsistencies and errors
2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured
| VAR-202203-1647 | CVE-2021-43636 | TOTOLINK of t10 v2 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Two buffer overflow vulnerabilities exist in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. TOTOLINK t10 v2 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TotoLink T10 is a wireless network system router from TotoLink, a Taiwanese company. No detailed vulnerability details are currently available.
| VAR-202203-1966 | CVE-2022-22688 | Synology Inc. of DiskStation Manager Command injection vulnerability in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Synology DiskStation Manager contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-1862 | CVE-2022-22687 | Synology Inc. of DiskStation Manager and DiskStation Manager Unified Controller Classic buffer overflow vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Synology DiskStation Manager and DiskStation Manager Unified Controller contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202203-0931 | CVE-2022-0999 | mySCADA myPRO Operating system operating system command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior
| VAR-202203-2088 | No CVE | Netgear DGND3700v2 Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Netgear is a computer network equipment developer founded in 1996 and headquartered in San Jose, California. DGND3700v2 is a wireless router under Netgear.
Netgear DGND3700v2 has a command execution vulnerability that an attacker can use to gain server privileges.
| VAR-202203-1915 | CVE-2022-27081 | Shenzhen Tenda Technology Co.,Ltd. of m3 in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Tenda M3 is an access controller from Tenda, a Chinese company. for constructing commands. Attackers can use this vulnerability to execute arbitrary commands
| VAR-202201-0496 | CVE-2021-4197 | Red Hat Security Advisory 2022-5626-01 |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
Bug Fix(es):
* Failed to reboot after crash trigger (BZ#2060747)
* conntrack entries linger around after test (BZ#2066357)
* Enable nested virtualization (BZ#2079070)
* slub corruption during LPM of hnv interface (BZ#2081251)
* sleeping function called from invalid context at
kernel/locking/spinlock_rt.c:35 (BZ#2082091)
* Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083309)
* ethtool -L may cause system to hang (BZ#2083323)
* For isolated CPUs (with nohz_full enabled for isolated CPUs) CPU
utilization statistics are not getting reflected continuously (BZ#2084139)
* Affinity broken due to vector space exhaustion (BZ#2084647)
* kernel memory leak while freeing nested actions (BZ#2086597)
* sync rhel-8.6 with upstream 5.13 through 5.16 fixes and improvements
(BZ#2088037)
* Kernel panic possibly when cleaning namespace on pod deletion
(BZ#2089539)
* Softirq hrtimers are being placed on the per-CPU softirq clocks on
isolcpu’s. (BZ#2090485)
* fix missed wake-ups in rq_qos_throttle try two (BZ#2092076)
* NFS4 client experiencing IO outages while sending duplicate SYNs and
erroneous RSTs during connection reestablishment (BZ#2094334)
* using __this_cpu_read() in preemptible [00000000] code:
kworker/u66:1/937154 (BZ#2095775)
* Need some changes in RHEL8.x kernels. (BZ#2096932)
4. Bugs fixed (https://bugzilla.redhat.com/):
1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation
2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:1988-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1988
Issue date: 2022-05-10
CVE Names: CVE-2020-0404 CVE-2020-4788 CVE-2020-13974
CVE-2020-27820 CVE-2021-0941 CVE-2021-3612
CVE-2021-3669 CVE-2021-3743 CVE-2021-3744
CVE-2021-3752 CVE-2021-3759 CVE-2021-3764
CVE-2021-3772 CVE-2021-3773 CVE-2021-4002
CVE-2021-4037 CVE-2021-4083 CVE-2021-4157
CVE-2021-4197 CVE-2021-4203 CVE-2021-20322
CVE-2021-21781 CVE-2021-26401 CVE-2021-29154
CVE-2021-37159 CVE-2021-41864 CVE-2021-42739
CVE-2021-43056 CVE-2021-43389 CVE-2021-43976
CVE-2021-44733 CVE-2021-45485 CVE-2021-45486
CVE-2022-0001 CVE-2022-0002 CVE-2022-0286
CVE-2022-0322 CVE-2022-1011
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3.
Security Fix(es):
* kernel: fget: check that the fd still exists after getting a ref to it
(CVE-2021-4083)
* kernel: avoid cyclic entity chains due to malformed USB descriptors
(CVE-2020-0404)
* kernel: speculation on incompletely validated data on IBM Power9
(CVE-2020-4788)
* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
(CVE-2020-13974)
* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a
use-after-free (CVE-2021-0941)
* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
(CVE-2021-3612)
* kernel: reading /proc/sysvipc/shm does not scale with large shared memory
segment counts (CVE-2021-3669)
* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743)
* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(CVE-2021-3744)
* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg
limits and DoS attacks (CVE-2021-3759)
* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)
* kernel: sctp: Invalid chunks may be used to remotely remove existing
associations (CVE-2021-3772)
* kernel: lack of port sanity checking in natd and netfilter leads to
exploit of OpenVPN clients (CVE-2021-3773)
* kernel: possible leak or corruption of data residing on hugetlbfs
(CVE-2021-4002)
* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)
* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)
* kernel: cgroup: Use open-time creds and namespace for migration perm
checks (CVE-2021-4197)
* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
(CVE-2021-4203)
* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed
packets replies (CVE-2021-20322)
* kernel: arm: SIGPAGE information disclosure vulnerability
(CVE-2021-21781)
* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)
* kernel: Local privilege escalation due to incorrect BPF JIT branch
displacement computation (CVE-2021-29154)
* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
(CVE-2021-37159)
* kernel: eBPF multiplication integer overflow in
prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to
out-of-bounds write (CVE-2021-41864)
* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)
* kernel: ppc: kvm: allows a malicious KVM guest to crash the host
(CVE-2021-43056)
* kernel: an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (CVE-2021-43389)
* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c
allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)
* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)
* kernel: information leak in the IPv6 implementation (CVE-2021-45485)
* kernel: information leak in the IPv4 implementation (CVE-2021-45486)
* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)
* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)
* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)
* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
(CVE-2022-0322)
* kernel: FUSE allows UAF reads of write() buffers, allowing theft of
(partial) /etc/shadow hashes (CVE-2022-1011)
* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1888433 - CVE-2020-4788 kernel: speculation on incompletely validated data on IBM Power9
1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module
1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors
1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver
1957375 - [RFE] x86, tsc: Add kcmdline args for skipping tsc calibration sequences
1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
1981950 - CVE-2021-21781 kernel: arm: SIGPAGE information disclosure vulnerability
1983894 - Hostnetwork pod to service backed by hostnetwork on the same node is not working with OVN Kubernetes
1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
1994390 - FIPS: deadlock between PID 1 and "modprobe crypto-jitterentropy_rng" at boot, preventing system to boot
1997338 - block: update to upstream v5.14
1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function
1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module
1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations
2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
2009312 - Incorrect system time reported by the cpu guest statistics (PPC only).
2009521 - XFS: sync to upstream v5.11
2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
2011104 - statfs reports wrong free space for small quotas
2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
2015525 - SCTP peel-off with SELinux and containers in OCP
2015755 - zram: zram leak with warning when running zram02.sh in ltp
2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
2017073 - CVE-2021-43056 kernel: ppc: kvm: allows a malicious KVM guest to crash the host
2017796 - ceph omnibus backport for RHEL-8.6.0
2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free
2022814 - Rebase the input and HID stack in 8.6 to v5.15
2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
2025726 - CVE-2021-4002 kernel: possible leak or corruption of data residing on hugetlbfs
2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405
2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
2030476 - Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel
2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem
2031200 - rename(2) fails on subfolder mounts when the share path has a trailing slash
2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function
2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa
2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
2042798 - [RHEL8.6][sfc] General sfc driver update
2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
2043453 - [RHEL8.6 wireless] stack & drivers general update to v5.16+
2046021 - kernel 4.18.0-358.el8 async dirops causes write errors with namespace restricted caps
2048251 - Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode
2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI)
2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI
2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-372.9.1.el8.src.rpm
aarch64:
bpftool-4.18.0-372.9.1.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-core-4.18.0-372.9.1.el8.aarch64.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-core-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm
kernel-devel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-headers-4.18.0-372.9.1.el8.aarch64.rpm
kernel-modules-4.18.0-372.9.1.el8.aarch64.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.aarch64.rpm
perf-4.18.0-372.9.1.el8.aarch64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-372.9.1.el8.noarch.rpm
kernel-doc-4.18.0-372.9.1.el8.noarch.rpm
ppc64le:
bpftool-4.18.0-372.9.1.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-core-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-core-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-devel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-headers-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-modules-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.ppc64le.rpm
perf-4.18.0-372.9.1.el8.ppc64le.rpm
perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
s390x:
bpftool-4.18.0-372.9.1.el8.s390x.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-4.18.0-372.9.1.el8.s390x.rpm
kernel-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.9.1.el8.s390x.rpm
kernel-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-headers-4.18.0-372.9.1.el8.s390x.rpm
kernel-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
kernel-tools-4.18.0-372.9.1.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
perf-4.18.0-372.9.1.el8.s390x.rpm
perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
python3-perf-4.18.0-372.9.1.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
x86_64:
bpftool-4.18.0-372.9.1.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-core-4.18.0-372.9.1.el8.x86_64.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-core-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm
kernel-devel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-headers-4.18.0-372.9.1.el8.x86_64.rpm
kernel-modules-4.18.0-372.9.1.el8.x86_64.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.x86_64.rpm
perf-4.18.0-372.9.1.el8.x86_64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.aarch64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.ppc64le.rpm
perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.x86_64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
Bugs fixed (https://bugzilla.redhat.com/):
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store
2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
2082087 - RHACM 2.3.11 images
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
==========================================================================
Ubuntu Security Notice USN-5467-1
June 08, 2022
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-azure-fde, linux-gcp, linux-gke, linux-gke-5.4, linux-gkeop,
linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm,
linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems
Details:
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)
Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. (CVE-2021-4197)
Jann Horn discovered that the FUSE file system in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-1011)
Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM
implementation in the Linux kernel did not properly perform guest page
table updates in some situations. An attacker in a guest vm could possibly
use this to crash the host OS. (CVE-2022-1158)
Duoming Zhou discovered that the 6pack protocol implementation in the Linux
kernel did not handle detach events properly in some situations, leading to
a use-after-free vulnerability. (CVE-2022-1198)
It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2022-1353)
It was discovered that the implementation of X.25 network protocols in the
Linux kernel did not terminate link layer sessions properly. (CVE-2022-1516)
Demi Marie Obenour and Simon Gaiser discovered that several Xen
para-virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038,
CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042)
It was discovered that the USB Gadget file system interface in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-24958)
It was discovered that the USB SR9700 ethernet device driver for the Linux
kernel did not properly validate the length of requests from the device. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-26966)
赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not
properly perform reference counting in some error conditions. (CVE-2022-28356)
It was discovered that the Microchip CAN BUS Analyzer interface
implementation in the Linux kernel did not properly handle certain error
conditions, leading to a double-free. (CVE-2022-28389)
It was discovered that the EMS CAN/USB interface implementation in the
Linux kernel contained a double-free vulnerability when handling certain
error conditions. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-28390)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1026-ibm 5.4.0-1026.29
linux-image-5.4.0-1046-gkeop 5.4.0-1046.48
linux-image-5.4.0-1065-raspi 5.4.0-1065.75
linux-image-5.4.0-1068-kvm 5.4.0-1068.72
linux-image-5.4.0-1074-gke 5.4.0-1074.79
linux-image-5.4.0-1076-oracle 5.4.0-1076.83
linux-image-5.4.0-1078-aws 5.4.0-1078.84
linux-image-5.4.0-1078-gcp 5.4.0-1078.84
linux-image-5.4.0-1083-azure 5.4.0-1083.87
linux-image-5.4.0-1083-azure-fde 5.4.0-1083.87+cvm1.1
linux-image-5.4.0-117-generic 5.4.0-117.132
linux-image-5.4.0-117-generic-lpae 5.4.0-117.132
linux-image-5.4.0-117-lowlatency 5.4.0-117.132
linux-image-aws-lts-20.04 5.4.0.1078.79
linux-image-azure-fde 5.4.0.1083.87+cvm1.24
linux-image-azure-lts-20.04 5.4.0.1083.81
linux-image-gcp-lts-20.04 5.4.0.1078.85
linux-image-generic 5.4.0.117.120
linux-image-generic-lpae 5.4.0.117.120
linux-image-gke 5.4.0.1074.83
linux-image-gke-5.4 5.4.0.1074.83
linux-image-gkeop 5.4.0.1046.48
linux-image-gkeop-5.4 5.4.0.1046.48
linux-image-ibm 5.4.0.1026.24
linux-image-ibm-lts-20.04 5.4.0.1026.24
linux-image-kvm 5.4.0.1068.66
linux-image-lowlatency 5.4.0.117.120
linux-image-oem 5.4.0.117.120
linux-image-oem-osp1 5.4.0.117.120
linux-image-oracle-lts-20.04 5.4.0.1076.75
linux-image-raspi 5.4.0.1065.98
linux-image-raspi2 5.4.0.1065.98
linux-image-virtual 5.4.0.117.120
Ubuntu 18.04 LTS:
linux-image-5.4.0-1026-ibm 5.4.0-1026.29~18.04.1
linux-image-5.4.0-1046-gkeop 5.4.0-1046.48~18.04.1
linux-image-5.4.0-1065-raspi 5.4.0-1065.75~18.04.1
linux-image-5.4.0-1074-gke 5.4.0-1074.79~18.04.1
linux-image-5.4.0-1076-oracle 5.4.0-1076.83~18.04.1
linux-image-5.4.0-1078-aws 5.4.0-1078.84~18.04.1
linux-image-5.4.0-1083-azure 5.4.0-1083.87~18.04.1
linux-image-5.4.0-117-generic 5.4.0-117.132~18.04.1
linux-image-5.4.0-117-generic-lpae 5.4.0-117.132~18.04.1
linux-image-5.4.0-117-lowlatency 5.4.0-117.132~18.04.1
linux-image-aws 5.4.0.1078.59
linux-image-azure 5.4.0.1083.61
linux-image-generic-hwe-18.04 5.4.0.117.132~18.04.99
linux-image-generic-lpae-hwe-18.04 5.4.0.117.132~18.04.99
linux-image-gke-5.4 5.4.0.1074.79~18.04.37
linux-image-gkeop-5.4 5.4.0.1046.48~18.04.44
linux-image-ibm 5.4.0.1026.41
linux-image-lowlatency-hwe-18.04 5.4.0.117.132~18.04.99
linux-image-oem 5.4.0.117.132~18.04.99
linux-image-oem-osp1 5.4.0.117.132~18.04.99
linux-image-oracle 5.4.0.1076.83~18.04.54
linux-image-raspi-hwe-18.04 5.4.0.1065.65
linux-image-snapdragon-hwe-18.04 5.4.0.117.132~18.04.99
linux-image-virtual-hwe-18.04 5.4.0.117.132~18.04.99
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5467-1
CVE-2021-3772, CVE-2021-4197, CVE-2022-1011, CVE-2022-1158,
CVE-2022-1198, CVE-2022-1353, CVE-2022-1516, CVE-2022-1966,
CVE-2022-21499, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038,
CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042,
CVE-2022-24958, CVE-2022-26966, CVE-2022-28356, CVE-2022-28389,
CVE-2022-28390
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-117.132
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1078.84
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1083.87
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1083.87+cvm1.1
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1078.84
https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1074.79
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1046.48
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1026.29
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1068.72
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1076.83
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1065.75
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1078.84~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1083.87~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1074.79~18.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1046.48~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-117.132~18.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1026.29~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1076.83~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1065.75~18.04.1
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.10.25. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2022:5729
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
* golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-x86_64
The image digest is
sha256:ed84fb3fbe026b3bbb4a2637ddd874452ac49c6ead1e15675f257e28664879cc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-s390x
The image digest is
sha256:a151628743b643e8ceda09dbd290aa4ac2787fc519365603a5612cb4d379d8e3
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-ppc64le
The image digest is
sha256:5ee9476628f198cdadd8f7afe6f117e8102eaafba8345e95d2f479c260eb0574
All OpenShift Container Platform 4.10 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
3. Solution:
For OpenShift Container Platform 4.10 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2060058 - superfluous apirequestcount entries in audit log
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2079034 - [4.10] Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment
2094584 - VM with sysprep is failed to create
2095217 - VM SSH command generated by UI points at api VIP
2095319 - [4.10] Bootimage bump tracker
2098655 - gcp cluster rollback fails due to storage failure
2099526 - prometheus-adapter becomes inaccessible during rollout
2100894 - Possible to cause misconfiguration of container runtime soon after cluster creation
2100974 - Layout issue: No spacing in delete modals
2103175 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces
2105110 - [VPA] recommender is logging errors for pods with init containers
2105275 - NodeIP is used instead of EgressIP
2105653 - egressIP panics with nil pointer dereference
2106385 - the cronjob object is created with a wrong api version batch/v1beta1 when created via the openshift console
2106842 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes
2107276 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs.
2109125 - [4.10 Backport] Spoke BMH stuck "inspecting" when deployed via ZTP in 4.11 OCP hub
2109225 - Console 4.10 operand form refresh
2109235 - openshift-apiserver pods never going NotReady
Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in. See
the following Release Notes documentation, which will be updated shortly
for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)
* containerd: Unprivileged pod may bind mount any privileged regular file
on disk (CVE-2021-43816)
* minio: user privilege escalation in AddUser() admin API (CVE-2021-43858)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing
certificates (CVE-2022-0778)
* imgcrypt: Unauthorized access to encrypted container image on a shared
system due to missing check in CheckAuthorization() code path
(CVE-2022-24778)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* node-fetch: exposure of sensitive information to an unauthorized actor
(CVE-2022-0235)
* nconf: Prototype pollution in memory store (CVE-2022-21803)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements
(CVE-2022-23806)
* nats-server: misusing the "dynamically provisioned sandbox accounts"
feature authenticated user can obtain the privileges of the System account
(CVE-2022-24450)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* go-getter: writes SSH credentials into logfile, exposing sensitive
credentials to local uses (CVE-2022-29810)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Bug fixes:
* RFE Copy secret with specific secret namespace, name for source and name,
namespace and cluster label for target (BZ# 2014557)
* RHACM 2.5.0 images (BZ# 2024938)
* [UI] When you delete host agent from infraenv no confirmation message
appear (Are you sure you want to delete x?) (BZ#2028348)
* Clusters are in 'Degraded' status with upgrade env due to obs-controller
not working properly (BZ# 2028647)
* create cluster pool -> choose infra type, As a result infra providers
disappear from UI. (BZ# 2033339)
* Restore/backup shows up as Validation failed but the restore backup
status in ACM shows success (BZ# 2034279)
* Observability - OCP 311 node role are not displayed completely (BZ#
2038650)
* Documented uninstall procedure leaves many leftovers (BZ# 2041921)
* infrastructure-operator pod crashes due to insufficient privileges in ACM
2.5 (BZ# 2046554)
* Acm failed to install due to some missing CRDs in operator (BZ# 2047463)
* Navigation icons no longer showing in ACM 2.5 (BZ# 2051298)
* ACM home page now includes /home/ in url (BZ# 2051299)
* proxy heading in Add Credential should be capitalized (BZ# 2051349)
* ACM 2.5 tries to create new MCE instance when install on top of existing
MCE 2.0 (BZ# 2051983)
* Create Policy button does not work and user cannot use console to create
policy (BZ# 2053264)
* No cluster information was displayed after a policyset was created (BZ#
2053366)
* Dynamic plugin update does not take effect in Firefox (BZ# 2053516)
* Replicated policy should not be available when creating a Policy Set (BZ#
2054431)
* Placement section in Policy Set wizard does not reset when users click
"Back" to re-configured placement (BZ# 2054433)
3. Bugs fixed (https://bugzilla.redhat.com/):
2014557 - RFE Copy secret with specific secret namespace, name for source and name, namespace and cluster label for target
2024702 - CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2028224 - RHACM 2.5.0 images
2028348 - [UI] When you delete host agent from infraenv no confirmation message appear (Are you sure you want to delete x?)
2028647 - Clusters are in 'Degraded' status with upgrade env due to obs-controller not working properly
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2033339 - create cluster pool -> choose infra type , As a result infra providers disappear from UI.
2034279 - Restore/backup shows up as Validation failed but the restore backup status in ACM shows success
2036252 - CVE-2021-43858 minio: user privilege escalation in AddUser() admin API
2038650 - Observability - OCP 311 node role are not displayed completely
2041921 - Documented uninstall procedure leaves many leftovers
2044434 - CVE-2021-43816 containerd: Unprivileged pod may bind mount any privileged regular file on disk
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2046554 - infrastructure-operator pod crashes due to insufficient privileges in ACM 2.5
2047463 - Acm failed to install due to some missing CRDs in operator
2051298 - Navigation icons no longer showing in ACM 2.5
2051299 - ACM home page now includes /home/ in url
2051349 - proxy heading in Add Credential should be capitalized
2051983 - ACM 2.5 tries to create new MCE instance when install on top of existing MCE 2.0
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053264 - Create Policy button does not work and user cannot use console to create policy
2053366 - No cluster information was displayed after a policyset was created
2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2053516 - Dynamic plugin update does not take effect in Firefox
2054431 - Replicated policy should not be available when creating a Policy Set
2054433 - Placement section in Policy Set wizard does not reset when users click "Back" to re-configured placement
2054772 - credentialName is not parsed correctly in UI notifications/alerts when creating/updating a discovery config
2054860 - Cluster overview page crashes for on-prem cluster
2055333 - Unable to delete assisted-service operator
2055900 - If MCH is installed on existing MCE and both are in multicluster-engine namespace , uninstalling MCH terminates multicluster-engine namespace
2056485 - [UI] In infraenv detail the host list don't have pagination
2056701 - Non platform install fails agentclusterinstall CRD is outdated in rhacm2.5
2057060 - [CAPI] Unable to create ClusterDeployment due to service account restrictions (ACM + Bundled Assisted)
2058435 - Label cluster.open-cluster-management.io/backup-cluster stamped 'unknown' for velero backups
2059779 - spec.nodeSelector is missing in MCE instance created by MCH upon installing ACM on infra nodes
2059781 - Policy UI crashes when viewing details of configuration policies for backupschedule that does not exist
2060135 - [assisted-install] agentServiceConfig left orphaned after uninstalling ACM
2060151 - Policy set of the same name cannot be re-created after the previous one has been deleted
2060230 - [UI] Delete host modal has incorrect host's name populated
2060309 - multiclusterhub stuck in installing on "ManagedClusterConditionAvailable" [intermittent]
2060469 - The development branch of the Submariner addon deploys 0.11.0, not 0.12.0
2060550 - MCE installation hang due to no console-mce-console deployment available
2060603 - prometheus doesn't display managed clusters
2060831 - Observability - prometheus-operator failed to start on *KS
2060934 - Cannot provision AWS OCP 4.9 cluster from Power Hub
2061260 - The value of the policyset placement should be filtered space when input cluster label expression
2061311 - Cleanup of installed spoke clusters hang on deletion of spoke namespace
2061659 - the network section in create cluster -> Networking include the brace in the network title
2061798 - [ACM 2.5] The service of Cluster Proxy addon was missing
2061838 - ACM component subscriptions are removed when enabling spec.disableHubSelfManagement in MCH
2062009 - No name validation is performed on Policy and Policy Set Wizards
2062022 - cluster.open-cluster-management.io/backup-cluster of velero schedules should populate the corresponding hub clusterID
2062025 - No validation is done on yaml's format or content in Policy and Policy Set wizards
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2062337 - velero schedules get re-created after the backupschedule is in 'BackupCollision' phase
2062462 - Upgrade to 2.5 hang due to irreconcilable errors of grc-sub and search-prod-sub in MCH
2062556 - Always return the policyset page after created the policy from UI
2062787 - Submariner Add-on UI does not indicate on Broker error
2063055 - User with clusterrolebinding of open-cluster-management:cluster-manager-admin role can't see policies and clusters page
2063341 - Release imagesets are missing in the console for ocp 4.10
2063345 - Application Lifecycle- UI shows white blank page when the page is Refreshed
2063596 - claim clusters from clusterpool throws errors
2063599 - Update the message in clusterset -> clusterpool page since we did not allow to add clusterpool to clusterset by resourceassignment
2063697 - Observability - MCOCR reports object-storage secret without AWS access_key in STS enabled env
2064231 - Can not clean the instance type for worker pool when create the clusters
2064247 - prefer UI can add the architecture type when create the cluster
2064392 - multicloud oauth-proxy failed to log users in on web
2064477 - Click at "Edit Policy" for each policy leads to a blank page
2064509 - No option to view the ansible job details and its history in the Automation wizard after creation of the automation job
2064516 - Unable to delete an automation job of a policy
2064528 - Columns of Policy Set, Status and Source on Policy page are not sortable
2064535 - Different messages on the empty pages of Overview and Clusters when policy is disabled
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064722 - [Tracker] [DR][ACM 2.5] Applications are not getting deployed on managed cluster
2064899 - Failed to provision openshift 4.10 on bare metal
2065436 - "Filter" drop-down list does not show entries of the policies that have no top-level remediation specified
2066198 - Issues about disabled policy from UI
2066207 - The new created policy should be always shown up on the first line
2066333 - The message was confuse when the cluster status is Running
2066383 - MCE install failing on proxy disconnected environment
2066433 - Logout not working for ACM 2.5
2066464 - console-mce-console pods throw ImagePullError after upgrading to ocp 4.10
2066475 - User with view-only rolebinding should not be allowed to create policy, policy set and automation job
2066544 - The search box can't work properly in Policies page
2066594 - RFE: Can't open the helm source link of the backup-restore-enabled policy from UI
2066650 - minor issues in cluster curator due to the startup throws errors
2066751 - the image repo of application-manager did not updated to use the image repo in MCE/MCH configuration
2066834 - Hibernating cluster(s) in cluster pool stuck in 'Stopping' status after restore activation
2066842 - cluster pool credentials are not backed up
2066914 - Unable to remove cluster value during configuration of the label expressions for policy and policy set
2066940 - Validation fired out for https proxy when the link provided not starting with https
2066965 - No message is displayed in Policy Wizard to indicate a policy externally managed
2066979 - Missing groups in policy filter options comparing to previous RHACM version
2067053 - I was not able to remove the image mirror content when create the cluster
2067067 - Can't filter the cluster info when clicked the cluster in the Placement section
2067207 - Bare metal asset secrets are not backed up
2067465 - Categories,Standards, and Controls annotations are not updated after user has deleted a selected template
2067713 - Columns on policy's "Results" are not sort-able as in previous release
2067728 - Can't search in the policy creation or policyset creation Yaml editor
2068304 - Application Lifecycle- Replicasets arent showing the logs console in Topology
2068309 - For policy wizard in dynamics plugin environment, buttons at the bottom should be sticky and the contents of the Policy should scroll
2068312 - Application Lifecycle - Argo Apps are not showing overview details and topology after upgrading from 2.4
2068313 - Application Lifecycle - Refreshing overview page leads to a blank page
2068328 - A cluster's "View history" page should not contain all clusters' violations history
2068387 - Observability - observability operator always CrashLoopBackOff in FIPS upgrading hub
2068993 - Observability - Node list is not filtered according to nodeType on OCP 311 dashboard
2069329 - config-policy-controller addon with "Unknown" status in OCP 3.11 managed cluster after upgrade hub to 2.5
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encrypted container image on a shared system due to missing check in CheckAuthorization() code path
2069469 - Status of unreachable clusters is not reported in several places on GRC panels
2069615 - The YAML editor can't work well when login UI using dynamic console plugin
2069622 - No validation for policy template's name
2069698 - After claim a cluster from clusterpool, the cluster pages become very very slow
2069867 - Error occurs when trying to edit an application set/subscription
2069870 - ACM/MCE Dynamic Plugins - 404: Page Not Found Error Occurs - intermittent crashing
2069875 - Cluster secrets are not being created in the managed cluster's namespace
2069895 - Application Lifecycle - Replicaset and Pods gives error messages when Yaml is selected on sidebar
2070203 - Blank Application is shown when editing an Application with AnsibleJobs
2070782 - Failed Secret Propagation to the Same Namespace as the AnsibleJob CR
2070846 - [ACM 2.5] Can't re-add the default clusterset label after removing it from a managedcluster on BM SNO hub
2071066 - Policy set details panel does not work when deployed into namespace different than "default"
2071173 - Configured RunOnce automation job is not displayed although the policy has no violation
2071191 - Missing title on details panel after clicking "view details" of a policy set card
2071769 - Placement must be always configured or error is reported when creating a policy
2071818 - ACM logo not displayed in About info modal
2071869 - Topology includes the status of local cluster resources when Application is only deployed to managed cluster
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2072097 - Local Cluster is shown as Remote on the Application Overview Page and Single App Overview Page
2072104 - Inconsistent "Not Deployed" Icon Used Between 2.4 and 2.5 as well as the Overview and Topology
2072177 - Cluster Resource Status is showing App Definition Statuses as well
2072227 - Sidebar Statuses Need to Be Updated to Reflect Cluster List and Cluster Resource Statuses
2072231 - Local Cluster not included in the appsubreport for Helm Applications Deployed on All Clusters
2072334 - Redirect URL is now to the details page after created a policy
2072342 - Shows "NaN%" in the ring chart when add the disabled policy into policyset and view its details
2072350 - CRD Deployed via Application Console does not have correct deployment status and spelling
2072359 - Report the error when editing compliance type in the YAML editor and then submit the changes
2072504 - The policy has violations on the failed managed cluster
2072551 - URL dropdown is not being rendered with an Argo App with a new URL
2072773 - When a channel is deleted and recreated through the App Wizard, application creation stalls and warning pops up
2072824 - The edit/delete policyset button should be greyed when using viewer check
2072829 - When Argo App with jsonnet object is deployed, topology and cluster status would fail to display the correct statuses.
2073179 - Policy controller was unable to retrieve violation status in for an OCP 3.11 managed cluster on ARM hub
2073330 - Observability - memory usage data are not collected even collect rule is fired on SNO
2073355 - Get blank page when click policy with unknown status in Governance -> Overview page
2073508 - Thread responsible to get insights data from *ks clusters is broken
2073557 - appsubstatus is not deleted for Helm applications when changing between 2 managed clusters
2073726 - Placement of First Subscription gets overlapped by the Cluster Node in Application Topology
2073739 - Console/App LC - Error message saying resource conflict only shows up in standalone ACM but not in Dynamic plugin
2073740 - Console/App LC- Apps are deployed even though deployment do not proceed because of "resource conflict" error
2074178 - Editing Helm Argo Applications does not Prune Old Resources
2074626 - Policy placement failure during ZTP SNO scale test
2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store
2074803 - The import cluster YAML editor shows the klusterletaddonconfig was required on MCE portal
2074937 - UI allows creating cluster even when there are no ClusterImageSets
2075416 - infraEnv failed to create image after restore
2075440 - The policyreport CR is created for spoke clusters until restarted the insights-client pod
2075739 - The lookup function won't check the referred resource whether exist when using template policies
2076421 - Can't select existing placement for policy or policyset when editing policy or policyset
2076494 - No policyreport CR for spoke clusters generated in the disconnected env
2076502 - The policyset card doesn't show the cluster status(violation/without violation) again after deleted one policy
2077144 - GRC Ansible automation wizard does not display error of missing dependent Ansible Automation Platform operator
2077149 - App UI shows no clusters cluster column of App Table when Discovery Applications is deployed to a managed cluster
2077291 - Prometheus doesn't display acm_managed_cluster_info after upgrade from 2.4 to 2.5
2077304 - Create Cluster button is disabled only if other clusters exist
2077526 - ACM UI is very very slow after upgrade from 2.4 to 2.5
2077562 - Console/App LC- Helm and Object bucket applications are not showing as deployed in the UI
2077751 - Can't create a template policy from UI when the object's name is referring Golang text template syntax in this policy
2077783 - Still show violation for clusterserviceversions after enforced "Detect Image vulnerabilities " policy template and the operator is installed
2077951 - Misleading message indicated that a placement of a policy became one managed only by policy set
2078164 - Failed to edit a policy without placement
2078167 - Placement binding and rule names are not created in yaml when editing a policy previously created with no placement
2078373 - Disable the hyperlink of *ks node in standalone MCE environment since the search component was not exists
2078617 - Azure public credential details get pre-populated with base domain name in UI
2078952 - View pod logs in search details returns error
2078973 - Crashed pod is marked with success in Topology
2079013 - Changing existing placement rules does not change YAML file
2079015 - Uninstall pod crashed when destroying Azure Gov cluster in ACM
2079421 - Hyphen(s) is deleted unexpectedly in UI when yaml is turned on
2079494 - Hitting Enter in yaml editor caused unexpected keys "key00x:" to be created
2079533 - Clusters with no default clusterset do not get assigned default cluster when upgrading from ACM 2.4 to 2.5
2079585 - When an Ansible Secret is propagated to an Ansible Application namespace, the propagated secret is shown in the Credentials page
2079611 - Edit appset placement in UI with a different existing placement causes the current associated placement being deleted
2079615 - Edit appset placement in UI with a new placement throws error upon submitting
2079658 - Cluster Count is Incorrect in Application UI
2079909 - Wrong message is displayed when GRC fails to connect to an ansible tower
2080172 - Still create policy automation successfully when the PolicyAutomation name exceed 63 characters
2080215 - Get a blank page after go to policies page in upgraded env when using an user with namespace-role-binding of default view role
2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local users
2080503 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
2080567 - Number of cluster in violation in the table does not match other cluster numbers on the policy set details page
2080712 - Select an existing placement configuration does not work
2080776 - Unrecognized characters are displayed on policy and policy set yaml editors
2081792 - When deploying an application to a clusterpool claimed cluster after upgrade, the application does not get deployed to the cluster
2081810 - Type '-' character in Name field caused previously typed character backspaced in in the name field of policy wizard
2081829 - Application deployed on local cluster's topology is crashing after upgrade
2081938 - The deleted policy still be shown on the policyset review page when edit this policy set
2082226 - Object Storage Topology includes residue of resources after Upgrade
2082409 - Policy set details panel remains even after the policy set has been deleted
2082449 - The hypershift-addon-agent deployment did not have imagePullSecrets
2083038 - Warning still refers to the `klusterlet-addon-appmgr` pod rather than the `application-manager` pod
2083160 - When editing a helm app with failing resources to another, the appsubstatus and the managedclusterview do not get updated
2083434 - The provider-credential-controller did not support the RHV credentials type
2083854 - When deploying an application with ansiblejobs multiple times with different namespaces, the topology shows all the ansiblejobs rather than just the one within the namespace
2083870 - When editing an existing application and refreshing the `Select an existing placement configuration`, multiple occurrences of the placementrule gets displayed
2084034 - The status message looks messy in the policy set card, suggest one kind status one a row
2084158 - Support provisioning bm cluster where no provisioning network provided
2084622 - Local Helm application shows cluster resources as `Not Deployed` in Topology [Upgrade]
2085083 - Policies fail to copy to cluster namespace after ACM upgrade
2085237 - Resources referenced by a channel are not annotated with backup label
2085273 - Error querying for ansible job in app topology
2085281 - Template name error is reported but the template name was found in a different replicated policy
2086389 - The policy violations for hibernated cluster still be displayed on the policy set details page
2087515 - Validation thrown out in configuration for disconnect install while creating bm credential
2088158 - Object Storage Application deployed to all clusters is showing unemployed in topology [Upgrade]
2088511 - Some cluster resources are not showing labels that are defined in the YAML
| VAR-202203-1978 | CVE-2022-26243 | Tenda of AC10 Classic buffer overflow vulnerability in firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Tenda AC10-1200 is a wireless router made by Tenda, a Chinese company.
A buffer error vulnerability exists in Tenda AC10-1200. It arises from incorrect validation of data boundaries when performing operations on memory in the setSmartPowerManagement function. An attacker could exploit this vulnerability to crash the program.