VARIoT IoT vulnerabilities database

SRG2210 is a router. HUAWEI SRG2210 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

ER6300 is a high-performance all-gigabit dedicated router for Internet cafes launched by H3C. The H3C ER6300 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the router background to obtain sensitive information.

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable. Tenda AC11 The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Tenda AC11 is an AC1200 dual-band Gigabit WiFi router

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. Tenda AC11 The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Tenda AC11 is an AC1200 dual-band Gigabit WiFi router

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request. Tenda AC11 The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Tenda AC11 is an AC1200 dual-band Gigabit WiFi router

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request. Tenda AC11 The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Tenda AC11 is an AC1200 dual-band Gigabit WiFi router

WX3520H is an enterprise-level operating wireless controller. New H3C Technology Co., Ltd. WX3520H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

WX2540H is a wireless controller. New H3C Technology Co., Ltd. WX2540H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

The MSR series router is an enterprise-level router of Xinhua Three Technology Co., Ltd. Many H3C MSR series routers have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.

H3C WX3510H, H3C WX2510H, H3C WX3508H, H3C WX3540H are wireless controllers of H3C Technology Co., Ltd. Several wireless controller products of New H3C Technology Co., Ltd. have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.

TL-WR841HP is a 300Mbps, high-power wireless router. Universal Technology Co., Ltd. TL-WR841HP has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

TL-WR940N is a wireless router. The TL-WR940N of Universal Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

WX2560H is a gateway wireless controller independently developed by New H3C Technology Co., Ltd. New H3C Technology Co., Ltd. WX2560H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

The H3C Xiaobei router is an enterprise-level router dedicated to shops. The H3C Beckham router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

H3C WAC380-30 is a gateway wireless controller independently developed by New H3C Technology Co., Ltd. H3C WAC380-30 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Ruijie Networks Co., Ltd. is a company that uses new technologies such as cloud computing, SDN, mobile internet, big data, and the Internet of Things to provide end-to-end solutions for users in various industries. RG-UAC Ruijie's unified online behavior management and audit system has a logic flaw vulnerability. Attackers can use this vulnerability to modify the administrator password.

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN. ASUS GT-AC2900 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The ASUS GT-AC2900 is a router from the Chinese company ASUS (ASUS)

Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereum_extractThorchainSwapData() in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is reachable remotely over WebUSB

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack. openmptcprouter-vps-admin Contains an authentication vulnerability.Information may be obtained. openmptcprouter-vps-admin is an application software. An OpenMPTCRouter API based on FastAPI. There is a security vulnerability in Omr-admin.py in openmptcprouter-vps-admin version 0.57.3 and earlier versions

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. Linux Kernel Is vulnerable to an out-of-bounds write.Information is tampered with and denial of service (DoS) It may be put into a state. KVM is one of the kernel-based virtual machines. This vulnerability could result in an out-of-bounds write. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.16. See the following advisories for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2287 Space precludes documenting all of the container images in this advisory. Additional Changes: This update also fixes several bugs. Documentation for these changes is available from the Release Notes document linked to in the References section. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1889659 - [Assisted-4.6] [cluster validation] Number of hosts validation is not enforced when Automatic role assigned 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1932638 - Removing ssh keys MC does not remove the key from authorized_keys 1934180 - vsphere-problem-detector should check if datastore is part of datastore cluster 1937396 - when kuryr quotas are unlimited, we should not sent alerts 1939014 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP 1939553 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string 1940275 - [IPI Baremetal] Revert Sending full ignition to masters 1942603 - [4.7z] Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork 1944046 - Warn users when using an unsupported browser such as IE 1944575 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results 1945702 - Operator dependency not consistently chosen from default channel 1946682 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall 1947091 - Incorrect skipped status for conditional tasks in the pipeline run 1947427 - Bootstrap ignition shim doesn't follow proxy settings 1948398 - [oVirt] remove ovirt_cafile from ovirt-credentials secret 1949541 - Kuryr-Controller crashes when it's missing the status object 1950290 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation 1951210 - Pod log filename no longer in <pod-name>-<container-name>.log format 1953475 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc 1954121 - [ceo] [release-4.7] Operator goes degraded when a second internal node ip is added after install 1955210 - OCP 4.6 Build fails when filename contains an umlaut 1955418 - 4.8 -> 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator 1955482 - [4.7] Drop high-cardinality metrics from kube-state-metrics which aren't used 1955600 - e2e unidling test flakes in CI 1956565 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry 1956980 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. 1957308 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-> Removed-> Managed in configs.imageregistry with high ratio 1957499 - OperatorHub - console accepts any value for "Infrastructure features" annotation 1958416 - openshift-oauth-apiserver apiserver pod crashloopbackoffs 1958467 - [4.7] Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct 1958873 - Device Replacemet UI, The status of the disk is "replacement ready" before I clicked on "start replacement" 1959546 - [4.7] storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions 1959737 - Unable to assign nodes for EgressIP even if the egress-assignable label is set 1960093 - Console not works well against a proxy in front of openshift clusters 1960111 - Port 8080 of oVirt CSI driver is causing collisions with other services 1960542 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960544 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console 1960562 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960589 - manifests: extra "spec.version" in console quickstarts makes CVO hotloop 1960645 - [Backport 4.7] Add virt_platform metric to the collected metrics 1960686 - GlobalConfigPage is constantly requesting resources 1961069 - CMO end-to-end tests work only on AWS 1961367 - Conformance tests for OpenStack require the Cinder client that is not included in the "tests" image 1961518 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1961557 - [release-4.7] respect the shutdown-delay-duration from OpenShiftAPIServerConfig 1961719 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop 1961887 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns 1962314 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true 1962493 - Kebab menu of taskrun contains Edit options which should not be present 1962637 - Nodes tainted after configuring additional host iface 1962819 - OCP v4.7 installation with OVN-Kubernetes fails with error "egress bandwidth restriction -1 is not equals" 1962949 - e2e-metal-ipi and related jobs fail to bootstrap due to multipe VIP's 1963141 - packageserver clusteroperator Available condition set to false on any Deployment spec change 1963243 - HAproxy pod logs showing error "another server named 'pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080' was already defined at line 326, please use distinct names" 1964322 - UI, The status of "Used Capacity Breakdown [Pods]" is "Not available" 1964568 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation 1965075 - [4.7z] After upgrade from 4.5.16 to 4.6.17, customer's application is seeing re-transmits 1965932 - [oauth-server] bump k8s.io/apiserver to 1.20.3 1966358 - Build failure on s390x 1966798 - [tests] Release 4.7 broken due to the usage of wrong OCS version 1966810 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration 1967328 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud 1967966 - prometheus-k8s pods can't be scheduled due to volume node affinity conflict 1967972 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1970322 - [OVN]EgressFirewall doesn't work well as expected 5. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.4.z0 source tree (BZ#1957489) 4. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2168-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2168 Issue date: 2021-06-01 CVE Names: CVE-2021-3501 CVE-2021-3543 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501) * kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667) * Selinux: The task calling security_set_bools() deadlocks with itself when it later calls selinux_audit_rule_match(). (BZ#1945123) * [mlx5] tc flower mpls match options does not work (BZ#1952061) * mlx5: missing patches for ct.rel (BZ#1952062) * CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065) * [Lenovo 8.3 bug] Blackscreen after clicking on "Settings" icon from top-right corner. (BZ#1952900) * RHEL 8.x missing uio upstream fix. (BZ#1952952) * Turbostat doesn't show any measured data on AMD Milan (BZ#1952987) * P620 no sound from front headset jack (BZ#1954545) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188) * [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1950136 - CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run 1953022 - CVE-2021-3543 kernel: nitro_enclaves stale file descriptors on failed usercopy 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-305.3.1.el8_4.src.rpm aarch64: bpftool-4.18.0-305.3.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.3.1.el8_4.aarch64.rpm perf-4.18.0-305.3.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm python3-perf-4.18.0-305.3.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-305.3.1.el8_4.noarch.rpm kernel-doc-4.18.0-305.3.1.el8_4.noarch.rpm ppc64le: bpftool-4.18.0-305.3.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.3.1.el8_4.ppc64le.rpm perf-4.18.0-305.3.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm python3-perf-4.18.0-305.3.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm s390x: bpftool-4.18.0-305.3.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm kernel-4.18.0-305.3.1.el8_4.s390x.rpm kernel-core-4.18.0-305.3.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.3.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.3.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.3.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.3.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.3.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.3.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.3.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.3.1.el8_4.s390x.rpm perf-4.18.0-305.3.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm python3-perf-4.18.0-305.3.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.s390x.rpm x86_64: bpftool-4.18.0-305.3.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.3.1.el8_4.x86_64.rpm perf-4.18.0-305.3.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm python3-perf-4.18.0-305.3.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.3.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.3.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.3.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.3.1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3501 https://access.redhat.com/security/cve/CVE-2021-3543 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLYUb9zjgjWX9erEAQjOwQ/+N/4DWSVy3kFJAXtmKzWp0MCNQvIKiusG CYk2Fac6ueif1+piE6Yrq7PJupzFK1TFxBZ2TSvvgUL8ha8QBGkeRH7HXlweLrmb C8axB3MpfDu49/G0hTjWBOGbGbS+yhvnPJZVjPTcufKUdvuQyd7tx3dPu4M/UhCg pN9q+M5/PojvBB5p7PAh4MkQ1vLo9HiO6JooqOyNzWH6Gr8YrLQylMiWTED77NyK jHWyS2nfCJnEsyHo/hMk9OUy1IiHhVBvlsgaGweFY8kobCiGIzjUE9CkSdjqovYr yz6etZFVnIaqxce4QbTQgfY1kYh+dZLRLLwlba7nmxXuYgb/3Q/JllCyGldtWMFG R4tHWqdlnCDCwSmIOfhCElTPGt46NbZJpv+vzGM17djxvxzoymQt1lck+mngR6To woA+lbf6ByPR6uDzpYJoaOBDPq14QFzW+WpxuQ5MuhMYrzZVqjY5btly8rRaAKVo I8FofcuISc2ugEm6zh7olGvjPAAd1uVGFIPcnBp/Px/xyE7RgdOyCRLDNcYLx0v/ Kr+f1wFe4LWBC3YqBkfK9tikB5lQmOor3QAH3GR0/oGmzI3NNBwbupksrrmxmAxd RtRx/jfaXqtcL0mdST6OQGjaHk7NdiCNF9ym1hSX4RXTrgs4nojVA6C7vf4U4p2u ec3DLIN9CmM=+n9i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4977-1 June 02, 2021 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 Summary: Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672) Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673) Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3501) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: linux-image-5.11.0-1006-azure 5.11.0-1006.6 linux-image-5.11.0-1007-oracle 5.11.0-1007.7 linux-image-5.11.0-1008-aws 5.11.0-1008.8 linux-image-5.11.0-1008-gcp 5.11.0-1008.9 linux-image-5.11.0-1008-kvm 5.11.0-1008.8 linux-image-5.11.0-18-generic 5.11.0-18.19 linux-image-5.11.0-18-generic-64k 5.11.0-18.19 linux-image-5.11.0-18-generic-lpae 5.11.0-18.19 linux-image-5.11.0-18-lowlatency 5.11.0-18.19 linux-image-aws 5.11.0.1008.8 linux-image-azure 5.11.0.1006.6 linux-image-gcp 5.11.0.1008.8 linux-image-generic 5.11.0.18.19 linux-image-generic-64k 5.11.0.18.19 linux-image-generic-lpae 5.11.0.18.19 linux-image-gke 5.11.0.1008.8 linux-image-kvm 5.11.0.1008.8 linux-image-lowlatency 5.11.0.18.19 linux-image-oracle 5.11.0.1007.7 linux-image-virtual 5.11.0.18.19 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well