VARIoT IoT vulnerabilities database

VAR-202102-0270 CVE-2020-24491 Intel(R) 10th Generation Core Processor Input confirmation vulnerability
CVSS V2: 1.9
CVSS V3: 4.4
Severity: MEDIUM
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. The Intel(R) 10th Generation Core Processor contains an input validation vulnerability. Information may be obtained. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements.
VAR-202102-0087 CVE-2020-12386 Intel(R) Graphics Drivers Out-of-bounds Vulnerability in Microsoft
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Drivers are vulnerable to an out-of-bounds write. The product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0086 CVE-2020-12385 Intel(R) Graphics Drivers Input confirmation vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers contain an input validation vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0085 CVE-2020-12384 Intel(R) Graphics Drivers Vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers contain an unspecified vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0078 CVE-2020-12372 Intel(R) Graphics Drivers Unchecked return value vulnerability in
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.
VAR-202102-0077 CVE-2020-12371 Intel(R) Graphics Drivers Vulnerability for division by zero in
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Drivers are vulnerable to division by zero. The product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0076 CVE-2020-12370 Intel(R) Graphics Drivers Buffer Error Vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Drivers are vulnerable to a buffer error. The product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0075 CVE-2020-12369 Intel(R) Graphics Drivers Out-of-bounds Vulnerability in Microsoft
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers are vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0074 CVE-2020-12368 Intel(R) Graphics Drivers Integer overflow vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers contain an integer overflow vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0073 CVE-2020-12367 Intel(R) Graphics Drivers Integer overflow vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers contain an integer overflow vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0072 CVE-2020-12366 Intel(R) Graphics Drivers Input confirmation vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers contain an input validation vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0071 CVE-2020-12365 Intel(R) Graphics Drivers Buffer Error Vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Drivers are vulnerable to a buffer error. The product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0067 CVE-2020-12361 Intel(R) Graphics Drivers Vulnerabilities in the use of freed memory
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0054 CVE-2020-0521 Intel(R) Graphics Drivers Vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers contain an unspecified vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0053 CVE-2020-0518 Intel(R) HD Graphics Control Panel Vulnerability in
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. There is no information about this vulnerability at present. Please keep an eye on CNNVD or the manufacturer's announcement.
VAR-202102-0052 CVE-2020-0544 Intel(R) Graphics Drivers Vulnerability in
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers contain an unspecified vulnerability. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.
VAR-202102-0069 CVE-2020-12363 Windows and Linux for Intel(R) Graphics Drivers Input confirmation vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Security fixes:

* redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
* console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
* console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

Bug fixes:

* RHACM 2.2.4 images (BZ# 1957254)
* Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
* ACM Operator should support using the default route TLS (BZ# 1955270)
* The scrolling bar for search filter does not work properly (BZ# 1956852)
* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
* The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
* Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms
1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data
1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7
1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory
1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters
1954535 - Reinstall Submariner - No endpoints found on one cluster
1955270 - ACM Operator should support using the default route TLS
1956852 - The scrolling bar for search filter does not work properly
1957254 - RHACM 2.2.4 images
1959426 - Limits on Length of MultiClusterObservability Resource Name
1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM.
1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service"
1966513 - Unable to make SSH connection to a Bitbucket server
1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error.
1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message

5.

Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2021:2314-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2314
Issue date: 2021-06-08
CVE Names: CVE-2020-8648 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-27170 CVE-2021-3347

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
* kernel: Use after free via PI futex state (CVE-2021-3347)
* kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)
* kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)
* kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)
* kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)
* SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268)
* netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)
* netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171)
* [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for "power cap policy equal to 0 watts" (BZ#1883174)
* A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1886003)
* netxen driver performs poorly with RT kernel (BZ#1894274)
* gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596)
* Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763)
* RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839)
* RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840)
* raid: wrong raid io account (BZ#1927106)
* qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784)
* RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945)
* selinux: setsebool can trigger a deadlock (BZ#1939091)
* [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers
1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers
1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer
1941841 - [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V

6. Package List:

Red Hat Enterprise Linux Client (v.
7):

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2020-12362
https://access.redhat.com/security/cve/CVE-2020-12363
https://access.redhat.com/security/cve/CVE-2020-12364
https://access.redhat.com/security/cve/CVE-2020-27170
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):

* lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)
* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)

4. Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1945703 - "Guest OS Info" availability in VMI describe is flaky
1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster
1963275 - migration controller null pointer dereference
1965099 - Live Migration double handoff to virt-handler causes connection failures
1965181 - CDI importer doesn't report AwaitingVDDK like it used to
1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod
1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs
1969756 - Windows VMs fail to start on air-gapped environments
1970372 - Virt-handler fails to verify container-disk
1973227 - segfault in virt-controller during pdb deletion
1974084 - 2.6.6 containers
1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]
1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration
1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner
1982760 - [v2v] no kind VirtualMachine is registered for version "kubevirt.io/v1" i...
1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8

5
VAR-202102-0070 CVE-2020-12364 Windows and Linux for Intel(R) Graphics Drivers In NULL Pointer dereference vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. 
See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. 
Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2314-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2314 Issue date: 2021-06-08 CVE Names: CVE-2020-8648 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-27170 CVE-2021-3347 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 
7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648) * kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363) * kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364) * kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184) * SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268) * netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329) * netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171) * [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for "power cap policy equal to 0 watts" (BZ#1883174) * A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. 
(BZ#1886003) * netxen driver performs poorly with RT kernel (BZ#1894274) * gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596) * Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763) * RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839) * RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840) * raid: wrong raid io account (BZ#1927106) * qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784) * RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945) * selinux: setsebool can trigger a deadlock (BZ#1939091) * [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 
7): Source: kernel-3.10.0-1160.31.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-1160.31.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-1160.31.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.31.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.31.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.ppc64.rpm perf-3.10.0-1160.31.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.31.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.ppc64le.rpm perf-3.10.0-1160.31.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.31.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-3.10.0-1160.31.1.el7.s390x.rpm 
kernel-debug-3.10.0-1160.31.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.31.1.el7.s390x.rpm kernel-devel-3.10.0-1160.31.1.el7.s390x.rpm kernel-headers-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.31.1.el7.s390x.rpm perf-3.10.0-1160.31.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm python-perf-3.10.0-1160.31.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: kernel-3.10.0-1160.31.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.31.1.el7.noarch.rpm kernel-doc-3.10.0-1160.31.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.31.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.31.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.31.1.el7.x86_64.rpm perf-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.31.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.31.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References: https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12363 https://access.redhat.com/security/cve/CVE-2020-12364 https://access.redhat.com/security/cve/CVE-2020-27170 https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. . 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * lru-add-drain workqueue on RT is allocated without being used (BZ#1894587) * kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118) 4. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. 
Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5
VAR-202102-0068 CVE-2020-12362 Intel Graphics Drivers Input validation error vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. 
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. 
(BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html 4. 
Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2021:2164-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2164 Issue date: 2021-06-01 CVE Names: CVE-2019-19532 CVE-2020-12362 CVE-2020-25211 CVE-2020-25705 CVE-2020-29661 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362) * kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211) * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) * kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532) * kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write 1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.87.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.87.1.el7.noarch.rpm kernel-doc-3.10.0-693.87.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-headers-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.87.1.el7.x86_64.rpm perf-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 
7.4): Source: kernel-3.10.0-693.87.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.87.1.el7.noarch.rpm kernel-doc-3.10.0-693.87.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.87.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.87.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.87.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.87.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.87.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.87.1.el7.ppc64le.rpm perf-3.10.0-693.87.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm python-perf-3.10.0-693.87.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-headers-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.87.1.el7.x86_64.rpm perf-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 
7.4): Source: kernel-3.10.0-693.87.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.87.1.el7.noarch.rpm kernel-doc-3.10.0-693.87.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-devel-3.10.0-693.87.1.el7.x86_64.rpm kernel-headers-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.87.1.el7.x86_64.rpm perf-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 
7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.87.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.87.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.87.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.87.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. 
Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1328 - Port fix to 5.0.z for BZ-1945168 6. Bug Fix(es): * memcg: mem_cgroup_idr can be updated in an uncoordinated manner which can lead to corruption (BZ#1931901) * Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1961624) 4. 
Bug Fix(es): * RHEL8.3 - Include patch: powerpc/pci: Remove LSI mappings on device teardown (xive/pci) (BZ#1931925) * RHEL8.2 - [P10][Denali] System crash during a perf sanity test (perf:) (BZ#1933995) * [RHEL 8.1] AMD/EPYC nested guest virtualization L1 guest crash (BZ#1945404) * [HPEMC 8.1 REGRESSION] skx_uncore: probe of 0008:80:08.0 failed with error -22 (BZ#1947114) * iperf3 over geneve created on vlan would fail (BZ#1947979) * [Azure][RHEL-8]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1952071) * [HPEMC 8.4 REGRESSION]: perf/x86/intel/uncore kernel panic vulnerability on Haswell and Broadwell servers (BZ#1956685) 4
VAR-202104-0590 CVE-2021-1805 Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. macOS contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. There is a security vulnerability in the Intel Graphics Driver. Please keep an eye on CNNVD or the manufacturer's announcement. APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave Security Update 2021-003 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212327. APFS Available for: macOS Mojave Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. 
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. 
CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. 
CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1851: @0xalsr Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. 
CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com) Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb) Windows Server Available for: macOS Mojave Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. 
CVE-2021-1873: an anonymous researcher Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/