VARIoT IoT vulnerabilities database

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Bug Fix(es): This update includes various bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes: https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s torage/4.7/html-single/4.7_release_notes/index All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1803849 - [RFE] Include per volume encryption with Vault integration in RHCS 4.1 1814681 - [RFE] use topologySpreadConstraints to evenly spread OSDs across hosts 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1850089 - OBC CRD is outdated and leads to missing columns in get queries 1860594 - Toolbox pod should have toleration for OCS tainted nodes 1861104 - OCS podDisruptionBudget prevents successful OCP upgrades 1861878 - [RFE] use appropriate PDB values for OSD 1866301 - [RHOCS Usability Study][Installation] “Create storage cluster” should be a part of the installation flow or need to be emphasized as a crucial step. 1869406 - must-gather should include historical pod logs 1872730 - [RFE][External mode] Re-configure noobaa to use the updated RGW endpoint from the RHCS cluster 1874367 - "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1886112 - log message flood with Reconciling StorageCluster","Request.Namespace":"openshift-storage","Request.Name":"ocs-storagecluster" 1886416 - Uninstall 4.6: ocs-operator logging regarding noobaa-core PVC needs change 1886638 - CVE-2020-8565 kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 1888839 - Create public route for ceph-rgw service 1892622 - [GSS] Noobaa management dashboard reporting High number of issues when the cluster is in healthy state 1893611 - Skip ceph commands collection attempt if must-gather helper pod is not created 1893613 - must-gather tries to collect ceph commands in external mode when storagecluster already deleted 1893619 - OCS must-gather: Inspect errors for cephobjectoreUser and few ceph commandd when storage cluster does not exist 1894412 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port 1896338 - OCS upgrade from 4.6 to 4.7 build failed 1897246 - OCS - ceph historical logs collection 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898509 - [Tracker][RHV #1899565] Deployment on RHV/oVirt storage class ovirt-csi-sc failing 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898808 - Rook-Ceph crash collector pod should not run on non-ocs node 1900711 - [RFE] Alerting for Namespace buckets and resources 1900722 - Failed to init upgrade process on noobaa-core-0 1900749 - Namespace Resource reported as Healthy when target bucket deleted 1900760 - RPC call for Namespace resource creation allows invalid target bucket names 1901134 - OCS - ceph historical logs collection 1902192 - [RFE][External] RGW metrics should be made available even if anything else except 9283 is provided as the monitoring-endpoint-port 1902685 - Too strict Content-Length header check refuses valid upload requests 1902711 - Tracker for Bug #1903078 Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903973 - [Azure][ROKS] Set SSD tuning (tuneFastDeviceClass) as default for OSD devices in Azure/ROKS platform 1903975 - Add "ceph df detail" for ocs must-gather to enable support to debug compression 1904302 - [GSS] ceph_daemon label includes references to a replaced OSD that cause a prometheus ruleset to fail 1904929 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1907318 - Unable to deploy & upgrade to ocs 4.7 - missing postgres image reference 1908414 - [GSS][VMWare][ROKS] rgw pods are not showing up in OCS 4.5 - due to pg_limit issue 1908678 - ocs-osd-removal job failed with "Invalid value" error when using multiple ids 1909268 - OCS 4.7 UI install -All OCS operator pods respin after storagecluster creation 1909488 - [NooBaa CLI] CLI status command looks for wrong DB PV name 1909745 - pv-pool backing store name restriction should be at 43 characters 1910705 - OBCs are stuck in a Pending state 1911131 - Bucket stats in the NB dashboard are incorrect 1911266 - Backingstore phase is ready, modecode is INITIALIZING 1911627 - CVE-2020-26289 nodejs-date-and-time: ReDoS in parsing via date.compile 1911789 - Data deduplication does not work properly 1912421 - [RFE] noobaa cli allow the creation of BackingStores with already existing secrets 1912894 - OCS storagecluster is Progressing state and some noobaa pods missing with latest 4.7 build -4.7.0-223.ci and storagecluster reflected as 4.8.0 instead of 4.7.0 1913149 - make must-gather backward compatibility for version <4.6 1913357 - ocs-operator should show error when flexible scaling and arbiter are both enabled at the same time 1914132 - No metrics available in the Object Service Dashboard in OCS 4.7, logs show "failed to retrieve metrics exporter servicemonitor" 1914159 - When OCS was deployed using arbiter mode mon's are going into CLBO state, ceph version = 14.2.11-95 1914215 - must-gather fails to delete the completed state compute-xx-debug pods after successful completion 1915111 - OCS OSD selection algorithm is making some strange choices. 1915261 - Deleted MCG CRs are stuck in a 'Deleting' state 1915445 - Uninstall 4.7: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster + support TLS configuration for KMS 1915644 - update noobaa db label in must-gather to collect db pod in noobaa dir 1915698 - There is missing noobaa-core-0 pod after upgrade from OCS 4.6 to OCS 4.7 1915706 - [Azure][RBD] PV taking longer time ~ 9 minutes to get deleted 1915730 - [ocs-operator] Create public route for ceph-rgw service 1915737 - Improve ocs-operator logging during uninstall to be more verbose, to understand reasons for failures - e.g. for Bug 1915445 1915758 - improve noobaa logging in case of uninstall - logs do not specify clearly the resource on which deletion is stuck 1915807 - Arbiter: OCS Install failed when used label = topology.kubernetes.io/zone instead of deprecated failureDomain label 1915851 - OCS PodDisruptionBudget redesign for OSDs to allow multiple nodes to drain in the same failure domain 1915953 - Must-gather takes hours to complete if the OCS cluster is not fully deployed, delay seen in ceph command collection step 1916850 - Uninstall 4.7- rook: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster(OSD creation failed) 1917253 - Restore-pvc creation fails with error "csi-vol-* has unsupported quota" 1917815 - [IBM Z and Power] OSD pods restarting due to OOM during upgrade test using ocs-ci 1918360 - collect timestamp for must-gather commands and also the total time taken for must-gather to complete 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918925 - noobaa operator pod logs messages for other components - like rook-ceph-mon, csi-pods, new Storageclass, etc 1918938 - ocs-operator has Error logs with "unable to deploy Prometheus rules" 1919967 - MCG RPC calls time out and the system is unresponsive 1920202 - RGW pod did not get created when OCS was deployed using arbiter mode 1920498 - [IBM Z] OSDs are OOM killed and storage cluster goes into error state during ocs-ci tier1 pvc expansion tests 1920507 - Creation of cephblockpool with compression failed on timeout 1921521 - Add support for VAULT_SKIP_VERIFY option in Ceph-CSI 1921540 - RBD PVC creation fails with error "invalid encryption kms configuration: "POD_NAMESPACE" is not set" 1921609 - MongoNetworkError messages in noobaa-core logs 1921625 - 'Not Found: Secret "noobaa-root-master-key" message' in noobaa logs and cli output when kms is configured 1922064 - uninstall on VMware LSO+ arbiter with 4 OSDs in Pending state: Storagecluster deletion stuck, waiting for cephcluster to be deleted 1922108 - OCS 4.7 4.7.0-242.ci and beyond: osd pods are not created 1922113 - noobaa-db pod init container is crashing after OCS upgrade from OCS 4.6 to OCS 4.7 1922119 - PVC snapshot creation failing on OCP4.6-OCS 4.7 cluster 1922421 - [ROKS] OCS deployment stuck at mon pod in pending state 1922954 - [IBM Z] OCS: Failed tests because of osd deviceset restarts 1924185 - Object Service Dashboard shows alerts related to "system-internal-storage-pool" in OCS 4.7 1924211 - 4.7.0-249.ci: RGW pod not deployed, rook logs show - failed to create object store "must be no more than 63 characters" 1924634 - MG terminal logs show `pods "compute-x-debug" not found` even though pods are in Running state 1924784 - RBD PVC creation fails with error "invalid encryption kms configuration: failed to parse kms configuration" 1924792 - RBD PVC creation fails with error "invalid encryption kms configuration: failed to parse kms configuration" 1925055 - OSD pod stuck in Init:CrashLoopBackOff following Node maintenance in OCP upgrade from OCP 4.7 to 4.7 nightly 1925179 - MG fix [continuation from bug 1893619]: Do not attempt creating helper pod if storagecluster/cephcluster already deleted 1925249 - KMS resources should be garbage collected when StorageCluster is deleted 1925533 - [GSS] Unable to install Noobaa in AWS govcloud 1926182 - [RFE] Support disabling reconciliation of monitoring related resources using a dedicated reconcile strategy flag 1926617 - osds are in Init:CrashLoopBackOff with rgw in CrashLoopBackOff on KMS enabled cluster 1926717 - Only one NOOBAA_ROOT_SECRET_PATH key created in vault when the same backend path is used for multiple OCS clusters 1926831 - [IBM][ROKS] Deploy RGW pods only if IBM COS is not available on platform 1927128 - [Tracker for BZ #1937088] When Performed add capacity over arbiter mode cluster ceph health reports PG_AVAILABILITY Reduced data availability: 25 pgs inactive, 25 pgs incomplete 1927138 - must-gather skip collection of ceph in every run 1927186 - Configure pv-pool as backing store if cos creds secret not found in IBM Cloud 1927317 - [Arbiter] Storage Cluster installation did not started because ocs-operator was Expecting 8 node found 4 1927330 - Namespacestore-backed OBCs are stuck on Pending 1927338 - Uninstall OCS: Include events for major CRs to know the cause of deletion getting stuck 1927885 - OCS 4.7: ocs operator pod in 1/1 state even when Storagecluster is in Progressing state 1928063 - For FD: rack: actual osd pod distribution and OSD placement in rack under ceph osd tree output do not match 1928451 - MCG CLI command of diagnose doesn't work on windows 1928471 - [Deployment blocker] Ceph OSDs do not register properly in the CRUSH map 1928487 - MCG CLI - noobaa ui command shows wss instead of https 1928642 - [IBM Z] rook-ceph-rgw pods restarts continously with ocs version 4.6.3 due to liveness probe failure 1931191 - Backing/namespacestores are stuck on Creating with credentials errors 1931810 - LSO deployment(flexibleScaling:true): 100% PGS unknown even though ceph osd tree placement is correct(root cause diff from bug 1928471) 1931839 - OSD in state init:CrashLoopBackOff with KMS signed certificates 1932400 - Namespacestore deletion takes 15 minutes 1933607 - Prevent reconcile of labels on all monitoring resources deployed by ocs-operator 1933609 - Prevent reconcile of labels on all monitoring resources deployed by rook 1933736 - Allow shrinking the cluster by removing OSDs 1934000 - Improve error logging for kv-v2 while using encryption with KMS 1934990 - Ceph health ERR post node drain on KMS encryption enabled cluster 1935342 - [RFE] Add OSD flapping alert 1936545 - [Tracker for BZ #1938669] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1936877 - Include at OCS Multi-Cloud Object Gateway core container image the fixes on CVEs from RHEL8 on "nodejs" 1937070 - Storage cluster cannot be uninstalled when cluster not fully configured 1937100 - [RGW][notification][kafka]: notification fails with error: pubsub endpoint configuration error: unknown schema in: kafka 1937245 - csi-cephfsplugin pods CrashLoopBackoff in fresh 4.6 cluster due to conflict with kube-rbac-proxy 1937768 - OBC with Cache BucketPolicy stuck on pending 1939026 - ServiceUnavailable when calling the CreateBucket operation (reached max retries: 4): Reduce your request rate 1939472 - Failure domain set incorrectly to zone if flexible scaling is enabled but there are >= 3 zones 1939617 - [Arbiter] Mons cannot be failed over in stretch mode 1940440 - noobaa migration pod is deleted on failure and logs are not available for inspection 1940476 - Backingstore deletion hangs 1940957 - Deletion of Rejected NamespaceStore is stuck even when target bucket and bucketclass are deleted 1941647 - OCS deployment fails when no backend path is specified for cluster wide encryption using KMS 1941977 - rook-ceph-osd-X gets stuck in initcontainer expand-encrypted-bluefs 1942344 - No permissions in /etc/passwd leads to fail noobaa-operaor 1942350 - No permissions in /etc/passwd leads to fail noobaa-operaor 1942519 - MCG should not use KMS to store encryption keys if cluster wide encryption is not enabled using KMS 1943275 - OSD pods re-spun after "add capacity" on cluster with KMS 1943596 - [Tracker for BZ #1944611][Arbiter] When Performed zone(zone=a) Power off and Power On, 3 mon pod(zone=b,c) goes in CLBO after node Power off and 2 Osd(zone=a) goes in CLBO after node Power on 1944980 - Noobaa deployment fails when no KMS backend path is provided during storagecluster creation 1946592 - [Arbiter] When both the rgw pod hosting nodes are down, the rgw service is unavailable 1946837 - OCS 4.7 Arbiter Mode Cluster becomes stuck when entire zone is shutdown 1955328 - Upgrade of noobaa DB failed when upgrading OCS 4.6 to 4.7 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957187 - Update to RHCS 4.2z1 Ceph container image at OCS 4.7.0 1957639 - Noobaa migrate job is failing when upgrading OCS 4.6.4 to 4.7 on FIPS environment 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2021:1189-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:1189 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ===================================================================== 1. Summary: An update is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Changes to the redhat-release-virtualization-host component: * Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. In this release, the redhat-support-tool has been added. (BZ#1928607) Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 The system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition 1895832 - RHVH 4.4.3: No response when clicking button "Help" in Anaconda GUI 1907306 - "sysstat" doesn't collect data for upgraded RHVH 1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade 1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. 1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError 1927395 - RHVH, protecting key packages from being removed. 1928607 - redhat-support-tool is missing from latest RHV-H 4.4 1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async 1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: boost-1.66.0-10.el8.src.rpm dyninst-10.1.0-4.el8.src.rpm gcc-8.3.1-5.1.el8.src.rpm isl-0.16.1-6.el8.src.rpm libmpc-1.0.2-9.el8.src.rpm libxcrypt-4.1.1-4.el8.src.rpm make-4.2.1-10.el8.src.rpm redhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm tbb-2018.2-9.el8.src.rpm zip-3.0-23.el8.src.rpm noarch: redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm vim-filesystem-8.0.1763-15.el8.noarch.rpm x86_64: boost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm boost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm boost-container-debuginfo-1.66.0-10.el8.x86_64.rpm boost-context-debuginfo-1.66.0-10.el8.x86_64.rpm boost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm boost-date-time-1.66.0-10.el8.x86_64.rpm boost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debugsource-1.66.0-10.el8.x86_64.rpm boost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm boost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm boost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm boost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm boost-log-debuginfo-1.66.0-10.el8.x86_64.rpm boost-math-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm boost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-random-debuginfo-1.66.0-10.el8.x86_64.rpm boost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm boost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm boost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm boost-stacktrace-debuginfo-1.66.0-10.el8.x86_64.rpm boost-system-debuginfo-1.66.0-10.el8.x86_64.rpm boost-test-debuginfo-1.66.0-10.el8.x86_64.rpm boost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm boost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm boost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm boost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm compat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm cpp-8.3.1-5.1.el8.x86_64.rpm cpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm dyninst-10.1.0-4.el8.x86_64.rpm dyninst-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-debugsource-10.1.0-4.el8.x86_64.rpm dyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm gcc-8.3.1-5.1.el8.x86_64.rpm gcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debugsource-8.3.1-5.1.el8.x86_64.rpm gcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm glibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm glibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm glibc-devel-2.28-127.el8_3.2.x86_64.rpm glibc-headers-2.28-127.el8_3.2.x86_64.rpm isl-0.16.1-6.el8.x86_64.rpm isl-debugsource-0.16.1-6.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm libasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgcc-8.3.1-5.1.el8.x86_64.rpm libgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-8.3.1-5.1.el8.x86_64.rpm libgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm libitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm liblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libmpc-1.0.2-9.el8.x86_64.rpm libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm libmpc-debugsource-1.0.2-9.el8.x86_64.rpm libquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm libstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm libtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm libxcrypt-devel-4.1.1-4.el8.x86_64.rpm make-4.2.1-10.el8.x86_64.rpm make-debugsource-4.2.1-10.el8.x86_64.rpm perf-4.18.0-240.22.1.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm tbb-2018.2-9.el8.x86_64.rpm tbb-debugsource-2018.2-9.el8.x86_64.rpm vim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-common-8.0.1763-15.el8.x86_64.rpm vim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debugsource-8.0.1763-15.el8.x86_64.rpm vim-enhanced-8.0.1763-15.el8.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm zip-3.0-23.el8.x86_64.rpm zip-debugsource-3.0-23.el8.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: imgbased-1.2.18-0.1.el8ev.src.rpm redhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm scap-security-guide-0.1.50-1.el8ev.src.rpm noarch: imgbased-1.2.18-0.1.el8ev.noarch.rpm python3-imgbased-1.2.18-0.1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm scap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYHbW2dzjgjWX9erEAQhrvQ//VGyhTZ32NVUTnNMVVaHZyN5HL2Gt7CRG sOA8Z7hKGGPq8nHZEeTtk2KBpxaLLzVHxKmILtnsRTlRqq2s4BSgd9j7YhNvTlZe kK6Y3ovcWBKdqqui2ezZz9WFmKbQ5yjJImMo+TfyAS0D1RLwxNyKzDyYDCIZuO03 1AcV0ILWSVpaEKRrjOX6S0VnmMR0hqf4JmgLk8/ePv3wp+vd5voeIymWDPy6KrPW 0WS6NLHHNGucnzKXiRglwLeWKCYdQ+MCewkLKch/4eQPI28+N72dEgI9nhbZMind khmKrnPDt5CIS9aWNmm+B/pWHZB1kEFt6hls/+xn2aXvrHxGgj6aTyl1peMhxYwA bvlQx+p1jOOREgtvnQHwemAVEuZByW4QFWqdZn/BIqbImTjxlawqYRwHjWpOvMfo Z6l7kiG86TsEWj/QJGAoRvwmqer7pWrttVeUivFBNmUhgZ8lEIMT3MkULY8VBJp+ PrwbQwfpMn38PZbnl/DT3A0aSgZ1Q1uQZooW8B6zBKYUdgwTU8impaBaKfyM9QRq hCqHX42S4b/tNZhy64hlfkv24kei4RqgI4sGVeDfSA/tWzdgvBghQ1pOEhlPY4MH jINgKocRD1f08X0meBmqk4IuoZdWkUrGgvprmT81At4ZF3omaQ1amKj1HhXpmJVa da5fQnRzZzc= =xbcY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bug fixes: * RHACM 2.1.6 images (BZ#1940581) * When generating the import cluster string, it can include unescaped characters (BZ#1934184) 3. Bugs fixed (https://bugzilla.redhat.com/): 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images 5. Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. plural Cisco The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Cisco Iox is a secure development environment of the US Cisco (Cisco) that combines Cisco IOS and Linux OS for secure network connection and development of IOT applications

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device. Cisco IOS XE Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE is a set of modular operating system based on Linux kernel developed by American Cisco company for its network equipment. Attackers can use this vulnerability to execute unsigned code when the system is started

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition. Remote attackers can use this vulnerability to submit special requests, which can crash applications and cause denial of service attacks

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Cisco Catalyst 9000 is a switch made by Cisco in the United States

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. Cisco Aironet Access Points (AP) Is vulnerable to a resource leak to the wrong area.Information may be tampered with

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system. Cisco IOx The application contains a path traversal vulnerability.Information may be obtained and information may be tampered with. Cisco Iox is a secure development environment of the US Cisco (Cisco) that combines Cisco IOS and Linux OS for secure network connection and development of IOT applications. A security vulnerability exists in the Cisco IOx application

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. Cisco IOS XE Exists in an active debug code vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. Cisco IOS and IOS XE There is a resource management vulnerability in.Denial of service (DoS) It may be put into a state

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device. Cisco IOS and IOS XE Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network equipment

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Genivia gSOAP Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Genivia gSOAP is a C/C++ software development toolkit with automatic coding function of Genivia Company in the United States

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. Cisco IOS XE SD-WAN Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system from Cisco

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. The vulnerability exists because the affected software improperly sanitizes values that are parsed from a specific configuration file. An attacker could exploit this vulnerability by tampering with a specific configuration file and then sending an API call. A successful exploit could allow the attacker to inject arbitrary code that would be executed on the underlying operating system of the affected device. To exploit this vulnerability, the attacker would need to have a privileged set of credentials to the device. Cisco IOS XE Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful exploit could allow the attacker to obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system. Cisco IOS XE Exists in a vulnerability related to information leakage from log files.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. Cisco IOS XE SD-WAN Contains a path traversal vulnerability.Information may be obtained

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco IOS XE Exists in a past traversal vulnerabilityInformation is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system from Cisco

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. Cisco Cisco Access Point is a hardware device of Cisco (Cisco). Provides high-density wireless connectivity for small offices

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Jabber Contains a certificate validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Jabber is a set of unified communication client solutions of Cisco (Cisco). The program provides online status display, instant messaging, voice and other functions. The following products and versions are affected: Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could