VARIoT IoT vulnerabilities database

VAR-202105-0846 | CVE-2021-30186 | CODESYS V2 runtime system SP Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow
VAR-202105-1306 | CVE-2021-33574 | GNU C Library Resource Management Error Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. The vulnerability stems from the library's mq_notify function having a use-after-free feature. Solution:
OSP 16.2.z Release - OSP Director Operator Containers
4. Bugs fixed (https://bugzilla.redhat.com/):
2025995 - Rebase tech preview on latest upstream v1.2.x branch
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2036784 - osp controller (fencing enabled) in downed state after system manual crash test
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202107-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: glibc: Multiple vulnerabilities
Date: July 06, 2021
Bugs: #764176, #767718, #772425, #792261
ID: 202107-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in glibc could result in Denial of Service.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/glibc < 2.33-r1 >= 2.33-r1
Description
===========
Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.
Impact
======
An attacker could cause a possible Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All glibc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.33-r1"
References
==========
[ 1 ] CVE-2019-25013
https://nvd.nist.gov/vuln/detail/CVE-2019-25013
[ 2 ] CVE-2020-27618
https://nvd.nist.gov/vuln/detail/CVE-2020-27618
[ 3 ] CVE-2021-27645
https://nvd.nist.gov/vuln/detail/CVE-2021-27645
[ 4 ] CVE-2021-3326
https://nvd.nist.gov/vuln/detail/CVE-2021-3326
[ 5 ] CVE-2021-33574
https://nvd.nist.gov/vuln/detail/CVE-2021-33574
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-07
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
Clusters and applications are all visible and managed from a single console
— with security policy built in. See the following Release Notes documentation, which
will be updated shortly for this release, for additional details about this
release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
* CVE-2021-3795 semver-regex: inefficient regular expression complexity
* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of
CVE-2019-10747
Related bugs:
* RHACM 2.2.10 images (Bugzilla #2013652)
3. Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity
2013652 - RHACM 2.2.10 images
5. Summary:
An update is now available for OpenShift Logging 5.3. Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert `FluentdNodeDown` always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ACS 3.67 security and enhancement update
Advisory ID: RHSA-2021:4902-01
Product: RHACS
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902
Issue date: 2021-12-01
CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750
CVE-2019-13751 CVE-2019-17594 CVE-2019-17595
CVE-2019-18218 CVE-2019-19603 CVE-2019-20838
CVE-2020-12762 CVE-2020-13435 CVE-2020-14155
CVE-2020-16135 CVE-2020-24370 CVE-2020-27304
CVE-2021-3200 CVE-2021-3445 CVE-2021-3580
CVE-2021-3749 CVE-2021-3800 CVE-2021-3801
CVE-2021-20231 CVE-2021-20232 CVE-2021-20266
CVE-2021-22876 CVE-2021-22898 CVE-2021-22925
CVE-2021-23343 CVE-2021-23840 CVE-2021-23841
CVE-2021-27645 CVE-2021-28153 CVE-2021-29923
CVE-2021-32690 CVE-2021-33560 CVE-2021-33574
CVE-2021-35942 CVE-2021-36084 CVE-2021-36085
CVE-2021-36086 CVE-2021-36087 CVE-2021-39293
=====================================================================
1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
The release of RHACS 3.67 provides the following new features, bug fixes,
security patches and system changes:
OpenShift Dedicated support
RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on
Amazon Web Services and Google Cloud Platform.
1. Use OpenShift OAuth server as an identity provider
If you are using RHACS with OpenShift, you can now configure the built-in
OpenShift OAuth server as an identity provider for RHACS.
2. Enhancements for CI outputs
Red Hat has improved the usability of RHACS CI integrations. CI outputs now
show additional detailed information about the vulnerabilities and the
security policies responsible for broken builds.
3. Runtime Class policy criteria
Users can now use RHACS to define the container runtime configuration that
may be used to run a pod’s containers using the Runtime Class policy
criteria.
Security Fix(es):
* civetweb: directory traversal when using the built-in example HTTP
form-based file upload mechanism via the mg_handle_form_request API
(CVE-2020-27304)
* nodejs-axios: Regular expression denial of service in trim function
(CVE-2021-3749)
* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)
* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)
* helm: information disclosure vulnerability (CVE-2021-32690)
* golang: archive/zip: malformed archive may cause panic or memory
exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
(CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fixes
The release of RHACS 3.67 includes the following bug fixes:
1. Previously, when using RHACS with the Compliance Operator integration,
RHACS did not respect or populate Compliance Operator TailoredProfiles.
This has been fixed.
2. Previously, the Alpine Linux package manager (APK) in Image policy
looked for the presence of apk package in the image rather than the
apk-tools package. This issue has been fixed.
System changes
The release of RHACS 3.67 includes the following system changes:
1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
2. The Port exposure method policy criteria now include route as an
exposure method.
3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the
OpenShift Compliance Operator to check for the existence of the Kubeadmin
secret without creating a violation.
4. The OpenShift Compliance Operator integration now supports using
TailoredProfiles.
5. The RHACS Jenkins plugin now provides additional security information.
6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for
Central, the logs contain the Request URI and X-Forwarded-For header
values.
7. The default uid:gid pair for the Scanner image is now 65534:65534.
8. RHACS adds a new default Scope Manager role that includes minimum
permissions to create and modify access scopes.
9. If microdnf is part of an image or shows up in process execution, RHACS
reports it as a security violation for the Red Hat Package Manager in Image
or the Red Hat Package Manager Execution security policies.
10. In addition to manually uploading vulnerability definitions in offline
mode, you can now upload definitions in online mode.
11. You can now format the output of the following roxctl CLI commands in
table, csv, or JSON format: image scan, image check & deployment check
12. You can now use a regular expression for the deployment name while
specifying policy exclusions
3. Solution:
To take advantage of these new features, fixes and changes, please upgrade
Red Hat Advanced Cluster Security for Kubernetes to version 3.67.
4. Bugs fixed (https://bugzilla.redhat.com/):
1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
1978144 - CVE-2021-32690 helm: information disclosure vulnerability
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability
2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
5. JIRA issues fixed (https://issues.jboss.org/):
RHACS-65 - Release RHACS 3.67.0
6. References:
https://access.redhat.com/security/cve/CVE-2018-20673
https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-27304
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3749
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3801
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-20266
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-23343
https://access.redhat.com/security/cve/CVE-2021-23840
https://access.redhat.com/security/cve/CVE-2021-23841
https://access.redhat.com/security/cve/CVE-2021-27645
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-32690
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-33574
https://access.redhat.com/security/cve/CVE-2021-35942
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-39293
https://access.redhat.com/security/updates/classification/#moderate
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr
Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w
tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e
lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV
x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2
e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK
qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz
vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt
G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT
PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/
pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN
T0pPNmsPGZY=
=ux5P
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option
1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
5. Solution:
See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
4
VAR-202109-1357 | CVE-2021-30744 | plural Apple Cross-site scripting vulnerability in the product |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. plural Apple A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with. A remote attacker could exploit this vulnerability to trick a victim into clicking a specially crafted link and execute arbitrary HTML and script code in the user's browser. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.32.3.
Installation note:
This update may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-7 tvOS 14.6
tvOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212532.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
LaunchServices
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Security
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30663: an anonymous researcher
Additional recognition
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6
jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p
3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x
d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq
7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf
ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD
mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0
rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO
ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8
oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI
sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM
dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=
=BeQR
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to
arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in
identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port
redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent
leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to
information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code
execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution
(CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution
(CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information
(CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack
(CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary
servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal
cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution
(CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution
(CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history
(CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (incomplete CVE-2020-36241 fix)
(CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up.
1981420 - Improve style of overview close buttons
1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution
1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution
1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information
1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack
1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution
1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution
1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution
1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution
1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution
1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution
1987233 - [RHEL8.5]Login screen shows dots when entering username
1989035 - terminal don't redraw if partially off screen
1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build
1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files
2004170 - Unable to login to session via xdmcp
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4945-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
July 28, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665
CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
CVE-2021-30799
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2021-21775
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-21779
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-30720
David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.32.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
VAR-202109-1389 | CVE-2021-30689 | plural Apple Cross-site scripting vulnerability in the product |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. plural Apple A cross-site scripting vulnerability exists in the product.Information may be obtained and information may be tampered with. A remote attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.32.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4945-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
July 28, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665
CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
CVE-2021-30799
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2021-21775
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-21779
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-30720
David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.32.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to
arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in
identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port
redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent
leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to
information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code
execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution
(CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution
(CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information
(CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack
(CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary
servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal
cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution
(CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution
(CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history
(CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (incomplete CVE-2020-36241 fix)
(CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up.
1981420 - Improve style of overview close buttons
1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution
1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution
1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information
1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack
1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution
1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution
1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution
1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution
1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution
1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution
1987233 - [RHEL8.5]Login screen shows dots when entering username
1989035 - terminal don't redraw if partially off screen
1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build
1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files
2004170 - Unable to login to session via xdmcp
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. ==========================================================================
Ubuntu Security Notice USN-5024-1
July 28, 2021
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.04:
libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.21.04.1
libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.21.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.32.3-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.32.3-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-7 tvOS 14.6
tvOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212532.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
LaunchServices
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Security
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30663: an anonymous researcher
Additional recognition
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6
jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p
3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x
d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq
7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf
ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD
mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0
rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO
ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8
oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI
sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM
dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=
=BeQR
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202109-1360 | CVE-2021-30749 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the KeyframeEffect class. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKitGTK+ has a buffer error vulnerability, which is caused by a boundary error when processing HTML content in WebKit. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1.
The specific flaw exists within the KeyframeEffect class. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4945-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
July 28, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665
CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
CVE-2021-30799
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2021-21775
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-21779
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-30720
David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.32.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5.
Installation note:
This update may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-7 tvOS 14.6
tvOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212532.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
LaunchServices
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Security
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions. Apple is aware of a report that this issue
may have been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30663: an anonymous researcher
Additional recognition
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6
jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p
3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x
d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq
7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf
ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD
mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0
rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO
ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8
oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI
sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM
dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=
=BeQR
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202109-1347 | CVE-2021-30734 | (Pwn2Own) Apple macOS process_token_VPHAL Out-Of-Bounds Write Privilege Escalation Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the LLIntGenerator object. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. WebKitGTK+ has a buffer error vulnerability, which is caused by a boundary error when processing HTML content in WebKit. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1.
The specific flaw exists within the AppleIntelKBLGraphics kext.
Installation note:
This update may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-7 tvOS 14.6
tvOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212532.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
LaunchServices
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Security
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30663: an anonymous researcher
Additional recognition
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9MACgkQZcsbuWJ6
jjBzuhAAmXJik2L+PmRMzs6dd1QcCSwHYi0KLG0ERapHKJsFcm5+xpv87a4AFO4p
3E6+5w9wQSWVEsQG1PIvuyV3M81xuu8xY88tAD1ce1qGA4Dny4E7RU08Y0l43j/x
d1RemCf0TjwYpvX34/GaOspxFQYnRo1gWsU1v7bieF8vMHZmUOlgiNep0UEG3Kuq
7IAAsfzWS43a+nkefSDWEujMNwbg1SZKua/+BXgZC7AOXdAHItqyNBFIerUc2uSf
ReHLZ5BNBKw9OsL9qoJsiLCmwxKrpUTzpQahu2gybZf65nza6QPOTohqqWq79EOD
mIqOW4SQ5mVSrzMh+GB9EovMY+l5YgyHwObTUjRW+4znLU7fqNXBgwzgWoIpJdF0
rpkjP3phOGXZWwiBhRmm5iYI08HFoBfF+EoPFN5Ucl7ZWz2uF0bQlbp3yqRoGRaO
ZWY2LzPIdP5zSq7rqXDaVnNFuKF93J4ouZZwVMXA4yf5wmQ3silIeJlvxxphlet8
oXv2pkewq9A81RGMlgMDZMvawQvPGkOVgeBm1coajN1swNY8esW7N6J1+rtDL0mI
sulaGZCeSM9ndg5VRU2lpClFdGEUZXT2hZ8NoMV6jj48c0gZBW3M82snGD4zeRqM
dcezqg6o22ZxpogRJuRf41Y87ktE5o73wgj0xu72MQoxK86+Ek0=
=BeQR
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4945-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
July 28, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665
CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797
CVE-2021-30799
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2021-21775
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-21779
Marcin Towalski discovered that a specially crafted web page can
lead to a potential information leak and further memory
corruption. In order to trigger the vulnerability, a victim must
be tricked into visiting a malicious webpage.
CVE-2021-30720
David Schutz discovered that a malicious website may be able to
access restricted ports on arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.32.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
VAR-202109-1330 | CVE-2021-30682 | plural Apple Product vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. plural Apple There are unspecified vulnerabilities in the product.Information may be obtained. An information disclosure vulnerability exists in WebKitGTK+, which is caused by the application outputting too much data in webKit. The following products and versions are affected: WebKitGTK+: 2.30.0, 2.30.1, 2.30.2, 2.30.3, 2.30.4, 2.30.5, 2.30.6, 2.31.1, 2.31.90, 2.31.91, 2.32 .0, 2.32.1. A security issue has been found in WebKitGTK and WPE WebKit prior to 2.32.0. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to
arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in
identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port
redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent
leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to
information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code
execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution
(CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution
(CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information
(CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack
(CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary
servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal
cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution
(CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution
(CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history
(CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (incomplete CVE-2020-36241 fix)
(CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up.
1981420 - Improve style of overview close buttons
1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution
1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution
1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information
1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack
1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution
1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution
1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution
1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution
1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution
1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution
1987233 - [RHEL8.5]Login screen shows dots when entering username
1989035 - terminal don't redraw if partially off screen
1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build
1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files
2004170 - Unable to login to session via xdmcp
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5.
CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko
CommCenter
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may accept invalid activation results
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: This issue was addressed with improved checks.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in WiFi range may be able to force a client to
use a less secure authentication mechanism
Description: A logic issue was addressed with improved validation.
CommCenter
We would like to acknowledge CHRISTIAN MINA and Stefan Sterz
(@0x7374) of Secure Mobile Networking Lab at TU Darmstadt and
Industrial Software at TU Wien for their assistance. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information about the security content is also available at
https://support.apple.com/HT212529.
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6
jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q
vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ
8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o
muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3
CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM
hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv
esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB
mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ
rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa
WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98
od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk=
=Avma
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202106-1475 | CVE-2021-29084 | Synology DiskStation Manager Injection vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) Is vulnerable to injection.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability.The specific flaw exists within the webapi component. The issue results from incorrect neutralization of CRLF sequences in HTTP requests. An attacker can leverage this vulnerability to disclose information in the context of the Admin user. Synology DiskStation DS418play is a network device of China Synology Corporation. Provides a storage function
VAR-202105-0020 | CVE-2020-10065 | Zephyr Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c. Zephyr Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
VAR-202105-0535 | CVE-2021-21000 | plural WAGO Vulnerability in product allocation of resource allocation without limitation or throttling on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. plural WAGO Product devices contain vulnerabilities in resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state
VAR-202105-1628 | No CVE | Xbrother data center infrastructure monitoring has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Mongji Technology Co., Ltd. is China's leading green and smart data center overall solution provider, committed to making data centers simpler, safer, more efficient, and energy-saving. In the fields of modular data center, monitoring management, energy-saving transformation and remote operation and maintenance services, it has provided industry-leading solutions and nationwide professional technical service guarantees for more than 10,000 data center customers.
The xbrother data center infrastructure monitoring has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-0536 | CVE-2021-21001 | WAGO path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. plural WAGO A past traversal vulnerability exists in the device of the product.Information may be obtained. WAGO is a 750-88x series programmable logic controller from WAGO. The device is a digital operation electronic system designed specifically for applications in an industrial environment
VAR-202105-0146 | CVE-2020-26558 | Bluetooth Core Specification Authorization problem vulnerability |
CVSS V2: 4.3 CVSS V3: 4.2 Severity: MEDIUM |
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: BlueZ: Multiple Vulnerabilities
Date: September 29, 2022
Bugs: #797712, #835077
ID: 202209-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in BlueZ, the worst of
which could result in arbitrary code execution.
Background
==========
BlueZ is the canonical bluetooth tools and system daemons package for
Linux.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-wireless/bluez < 5.63 >= 5.63
Description
===========
Multiple vulnerabilities have been discovered in BlueZ. Please review
the CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All BlueZ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/bluez-5.63"
References
==========
[ 1 ] CVE-2020-26558
https://nvd.nist.gov/vuln/detail/CVE-2020-26558
[ 2 ] CVE-2021-0129
https://nvd.nist.gov/vuln/detail/CVE-2021-0129
[ 3 ] CVE-2021-3588
https://nvd.nist.gov/vuln/detail/CVE-2021-3588
[ 4 ] CVE-2022-0204
https://nvd.nist.gov/vuln/detail/CVE-2022-0204
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-16
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bluez security update
Advisory ID: RHSA-2021:4432-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4432
Issue date: 2021-11-09
CVE Names: CVE-2020-26558
====================================================================
1. Summary:
An update for bluez is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The bluez packages contain the following utilities for use in Bluetooth
applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start
scripts (Red Hat), and pcmcia configuration files.
Security Fix(es):
* bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an
impersonation attack (CVE-2020-26558)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64:
bluez-cups-5.56-1.el8.aarch64.rpm
bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debugsource-5.56-1.el8.aarch64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm
bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm
bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le:
bluez-cups-5.56-1.el8.ppc64le.rpm
bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debugsource-5.56-1.el8.ppc64le.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x:
bluez-cups-5.56-1.el8.s390x.rpm
bluez-cups-debuginfo-5.56-1.el8.s390x.rpm
bluez-debuginfo-5.56-1.el8.s390x.rpm
bluez-debugsource-5.56-1.el8.s390x.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm
bluez-libs-debuginfo-5.56-1.el8.s390x.rpm
bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64:
bluez-cups-5.56-1.el8.x86_64.rpm
bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debugsource-5.56-1.el8.x86_64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm
bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm
bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
bluez-5.56-1.el8.src.rpm
aarch64:
bluez-5.56-1.el8.aarch64.rpm
bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debugsource-5.56-1.el8.aarch64.rpm
bluez-hid2hci-5.56-1.el8.aarch64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm
bluez-libs-5.56-1.el8.aarch64.rpm
bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm
bluez-obexd-5.56-1.el8.aarch64.rpm
bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le:
bluez-5.56-1.el8.ppc64le.rpm
bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debugsource-5.56-1.el8.ppc64le.rpm
bluez-hid2hci-5.56-1.el8.ppc64le.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-libs-5.56-1.el8.ppc64le.rpm
bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-obexd-5.56-1.el8.ppc64le.rpm
bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x:
bluez-5.56-1.el8.s390x.rpm
bluez-cups-debuginfo-5.56-1.el8.s390x.rpm
bluez-debuginfo-5.56-1.el8.s390x.rpm
bluez-debugsource-5.56-1.el8.s390x.rpm
bluez-hid2hci-5.56-1.el8.s390x.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm
bluez-libs-5.56-1.el8.s390x.rpm
bluez-libs-debuginfo-5.56-1.el8.s390x.rpm
bluez-obexd-5.56-1.el8.s390x.rpm
bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64:
bluez-5.56-1.el8.x86_64.rpm
bluez-cups-debuginfo-5.56-1.el8.i686.rpm
bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debuginfo-5.56-1.el8.i686.rpm
bluez-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debugsource-5.56-1.el8.i686.rpm
bluez-debugsource-5.56-1.el8.x86_64.rpm
bluez-hid2hci-5.56-1.el8.x86_64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm
bluez-libs-5.56-1.el8.i686.rpm
bluez-libs-5.56-1.el8.x86_64.rpm
bluez-libs-debuginfo-5.56-1.el8.i686.rpm
bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm
bluez-obexd-5.56-1.el8.x86_64.rpm
bluez-obexd-debuginfo-5.56-1.el8.i686.rpm
bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
bluez-cups-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debuginfo-5.56-1.el8.aarch64.rpm
bluez-debugsource-5.56-1.el8.aarch64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.aarch64.rpm
bluez-libs-debuginfo-5.56-1.el8.aarch64.rpm
bluez-libs-devel-5.56-1.el8.aarch64.rpm
bluez-obexd-debuginfo-5.56-1.el8.aarch64.rpm
ppc64le:
bluez-cups-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-debugsource-5.56-1.el8.ppc64le.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-libs-debuginfo-5.56-1.el8.ppc64le.rpm
bluez-libs-devel-5.56-1.el8.ppc64le.rpm
bluez-obexd-debuginfo-5.56-1.el8.ppc64le.rpm
s390x:
bluez-cups-debuginfo-5.56-1.el8.s390x.rpm
bluez-debuginfo-5.56-1.el8.s390x.rpm
bluez-debugsource-5.56-1.el8.s390x.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.s390x.rpm
bluez-libs-debuginfo-5.56-1.el8.s390x.rpm
bluez-libs-devel-5.56-1.el8.s390x.rpm
bluez-obexd-debuginfo-5.56-1.el8.s390x.rpm
x86_64:
bluez-cups-debuginfo-5.56-1.el8.i686.rpm
bluez-cups-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debuginfo-5.56-1.el8.i686.rpm
bluez-debuginfo-5.56-1.el8.x86_64.rpm
bluez-debugsource-5.56-1.el8.i686.rpm
bluez-debugsource-5.56-1.el8.x86_64.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.i686.rpm
bluez-hid2hci-debuginfo-5.56-1.el8.x86_64.rpm
bluez-libs-debuginfo-5.56-1.el8.i686.rpm
bluez-libs-debuginfo-5.56-1.el8.x86_64.rpm
bluez-libs-devel-5.56-1.el8.i686.rpm
bluez-libs-devel-5.56-1.el8.x86_64.rpm
bluez-obexd-debuginfo-5.56-1.el8.i686.rpm
bluez-obexd-debuginfo-5.56-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrdt9zjgjWX9erEAQj3Kg//RFuvdDqQfdw3Wm00uS+qmxOaUzvG5OVO
XrSpoMb5VcrJRKTBY3u4ObfU1+yGJ5iF2wGwxgu6QF4tLUwC/OPSCgvS0lifTcEy
OkvBnkR06tBsGTjBmN8wyHQTEGVdFLlFU+sbC+yKjHmF31o6ZgDD7VZV/wuzqSGk
ZPR39CzfnnnTzLz2QvrYJZZ/tpgvS5qOTebP/qEmQCuwmRJeTaY+pgj28e8njQjU
NMqAcR7/kPX6LIYzdhQgEOCWZ9imxjoYAwY/VMu9T23zuyTkRTQtCC8Q5GJgATRV
qD4adxIeyJSvvMzJf6VkvzXu32AWira9oFgFPiYwjEYVJcMmGKZGJx94a1mu2Rs8
TFi3+iuVAdHE1S9NJ54nfxkjnVs6XKDIITNIZkl+isfQEtkkUBfeVcK6U/57wCKN
jgvUtrcQpqNH86x3Uu4W//eFlXQrbfzsogDx10d/jSk+PPg60mP6Fzcad8PTgr/H
vZygkT1bLbY7lOXejiVnJ8+otIv7tK+XzajDvQwgwC+9IigncMygiSS0SelVht4U
rvdqIKs2btFOBk+GhUzEMogaGFDqRUpFKIEFFVtL6d3Uvr4rgDHjMewKdU9v11ED
94Cg3wX0XFYvrnRS1Lxx9m1vuWtevD4EyZLSxcAEMLSXEMoa2c8f7Y6gxb7PGAKb
irY79RTeDm4=R6rn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. ==========================================================================
Ubuntu Security Notice USN-5343-1
March 22, 2022
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE-2016-2854)
It was discovered that the f2fs file system in the Linux kernel did not
properly validate metadata in some situations. An attacker could use this
to construct a malicious f2fs image that, when mounted and operated on,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-19449)
It was discovered that the XFS file system implementation in the Linux
kernel did not properly validate meta data in some circumstances. An
attacker could use this to construct a malicious XFS image that, when
mounted, could cause a denial of service. (CVE-2020-12655)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel contained a reference counting error. A local attacker could
use this to cause a denial of service (system crash). (CVE-2020-25670)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly deallocate memory in certain error
situations. A local attacker could use this to cause a denial of service
(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the
Linux kernel did not properly handle error conditions in some situations,
leading to an infinite loop. A local attacker could use this to cause a
denial of service. (CVE-2020-25673)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation
incorrectly handled EAPOL frames from unauthenticated senders. A physically
proximate attacker could inject malicious packets to cause a denial of
service (system crash). (CVE-2020-26139)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could
reassemble mixed encrypted and plaintext fragments. A physically proximate
attacker could possibly use this issue to inject packets or exfiltrate
selected fragments. (CVE-2020-26147)
It was discovered that the BR/EDR pin-code pairing procedure in the Linux
kernel was vulnerable to an impersonation attack. A physically proximate
attacker could possibly use this to pair to a device without knowledge of
the pin-code. (CVE-2020-26555)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly perform access control. An authenticated attacker could possibly
use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
It was discovered that the FUSE user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2020-36322)
It was discovered that the Infiniband RDMA userspace connection manager
implementation in the Linux kernel contained a race condition leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possible execute arbitrary code.
(CVE-2020-36385)
It was discovered that the DRM subsystem in the Linux kernel contained
double-free vulnerabilities. A privileged attacker could possibly use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2021-20292)
It was discovered that a race condition existed in the timer implementation
in the Linux kernel. A privileged attacker could use this to cause a denial
of service. (CVE-2021-20317)
Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the
nfc implementation in the Linux kernel. A privileged local attacker could
use this issue to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-23134)
It was discovered that the Xen paravirtualization backend in the Linux
kernel did not properly deallocate memory in some situations. A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)
It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)
It was discovered that a race condition existed in the netfilter subsystem
of the Linux kernel when replacing tables. A local attacker could use this
to cause a denial of service (system crash). (CVE-2021-29650)
It was discovered that a race condition in the kernel Bluetooth subsystem
could lead to use-after-free of slab objects. An attacker could use this
issue to possibly execute arbitrary code. (CVE-2021-32399)
It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to use-
after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)
It was discovered that a use-after-free existed in the Bluetooth HCI driver
of the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the
Linux kernel did not properly validate large MTU requests from Virtual
Function (VF) devices. A local attacker could possibly use this to cause a
denial of service. (CVE-2021-33098)
Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)
马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)
It was discovered that an out-of-bounds (OOB) memory access flaw existed in
the f2fs module of the Linux kernel. A local attacker could use this issue
to cause a denial of service (system crash). (CVE-2021-3506)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device initialization failure, leading to a double-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3564)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle HCI device detach events, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2021-3573)
Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)
It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly compute the access permissions for shadow pages in
some situations. A local attacker could use this to cause a denial of
service. (CVE-2021-38198)
It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)
It was discovered that the NFC implementation in the Linux kernel did not
properly handle failed connect events leading to a NULL pointer
dereference. A local attacker could use this to cause a denial of service.
(CVE-2021-38208)
It was discovered that the configfs interface for USB gadgets in the Linux
kernel contained a race condition. A local attacker could possibly use this
to expose sensitive information (kernel memory). (CVE-2021-39648)
It was discovered that the ext4 file system in the Linux kernel contained a
race condition when writing xattrs to an inode. A local attacker could use
this to cause a denial of service or possibly gain administrative
privileges. (CVE-2021-40490)
It was discovered that the 6pack network protocol driver in the Linux
kernel did not properly perform validation checks. A privileged attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2021-42008)
It was discovered that the ISDN CAPI implementation in the Linux kernel
contained a race condition in certain situations that could trigger an
array out-of-bounds bug. A privileged local attacker could possibly use
this to cause a denial of service or execute arbitrary code.
(CVE-2021-43389)
It was discovered that the Phone Network protocol (PhoNet) implementation
in the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2021-45095)
Wenqing Liu discovered that the f2fs file system in the Linux kernel did
not properly validate the last xattr entry in an inode. An attacker could
use this to construct a malicious f2fs image that, when mounted and
operated on, could cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-45469)
Amit Klein discovered that the IPv6 implementation in the Linux kernel
could disclose internal state in some situations. An attacker could
possibly use this to expose sensitive information. (CVE-2021-45485)
It was discovered that the per cpu memory allocator in the Linux kernel
could report kernel pointers via dmesg. An attacker could use this to
expose sensitive information or in conjunction with another kernel
vulnerability. (CVE-2018-5995)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
linux-image-4.4.0-1103-kvm 4.4.0-1103.112
linux-image-4.4.0-1138-aws 4.4.0-1138.152
linux-image-4.4.0-222-generic 4.4.0-222.255
linux-image-4.4.0-222-lowlatency 4.4.0-222.255
linux-image-aws 4.4.0.1138.143
linux-image-generic 4.4.0.222.229
linux-image-kvm 4.4.0.1103.101
linux-image-lowlatency 4.4.0.222.229
linux-image-virtual 4.4.0.222.229
Ubuntu 14.04 ESM:
linux-image-4.4.0-1102-aws 4.4.0-1102.107
linux-image-4.4.0-222-generic 4.4.0-222.255~14.04.1
linux-image-4.4.0-222-lowlatency 4.4.0-222.255~14.04.1
linux-image-aws 4.4.0.1102.100
linux-image-generic-lts-xenial 4.4.0.222.193
linux-image-lowlatency-lts-xenial 4.4.0.222.193
linux-image-virtual-lts-xenial 4.4.0.222.193
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5343-1
CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449,
CVE-2020-12655, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,
CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555,
CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-0129,
CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688,
CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033,
CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483,
CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3612,
CVE-2021-3679, CVE-2021-38160, CVE-2021-38198, CVE-2021-38204,
CVE-2021-38208, CVE-2021-39648, CVE-2021-40490, CVE-2021-42008,
CVE-2021-43389, CVE-2021-45095, CVE-2021-45469, CVE-2021-45485,
CVE-2022-0492
.
Software Description:
- bluez: Bluetooth tools and daemons
Details:
It was discovered that BlueZ incorrectly checked certain permissions when
pairing. (CVE-2020-26558)
Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT
events. (CVE-2020-27153)
Ziming Zhang discovered that BlueZ incorrectly handled certain array
indexes
VAR-202105-1637 | No CVE | Youku Lubao has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Youku Roubao is a smart router.
Youku Lubao has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1635 | No CVE | DHP-W310AV has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link Electronic Equipment (Shanghai) Co., Ltd. is a company mainly engaged in network equipment, wireless equipment, switches and other projects.
DHP-W310AV has an unauthorized access vulnerability, and attackers can use the leak to obtain sensitive information.
VAR-202105-1634 | No CVE | Samsung SL-J2920W, Samsung SL-J1560W Series, Samsung SL-J3560FW have information disclosure vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics.
Samsung SL-J2920W, Samsung SL-J1560W Series, and Samsung SL-J3560FW have an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1626 | No CVE | RG-BCR810W has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
RG-BCR810W has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1631 | No CVE | Zhejiang Dahua camera has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centric intelligent IoT solution provider and operation service provider. Based on technological innovation, it provides end-to-end video surveillance solutions, systems and services.
Zhejiang Dahua camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1636 | No CVE | Huawei Technologies Co., Ltd. S7706 and S9303 have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business of Huawei Technologies Co., Ltd. includes switches, transmission equipment, data communication equipment, broadband multimedia equipment, power supplies, wireless communication equipment, microelectronics products, software, etc.
Huawei Technologies Co., Ltd. S7706 and S9303 have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1627 | No CVE | Ruijie Networks Co., Ltd. NBR router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
Ruijie Networks Co., Ltd. NBR router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.