VARIoT IoT vulnerabilities database

VAR-202011-1397 | CVE-2020-3696 | Use-after-free vulnerability in multiple Qualcomm products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
"Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process" in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24. Multiple Qualcomm products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm MDM9206, etc. are all products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. SDX24 is a modem. SDX20 is a modem. APQ8017 is a central processing unit (CPU) product. APQ8053 is a central processing unit (CPU) product. QCS605 is a central processing unit (CPU) product. Qualcomm APQ8009 is a central processing unit (CPU) product. MSM8905 is a central processing unit (CPU) product. MSM8909 is a central processing unit (CPU) product. IPQ6018 is a central processing unit (CPU) product. Wire etc. are the products of individual developers. Wire is a chat software.
Many products have security vulnerabilities, which may cause some software to be used for free
VAR-202011-1239 | CVE-2020-3639 | Array index validation vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130. Multiple Qualcomm products contain a vulnerability in array index validation. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0220 | CVE-2020-11196 | Integer overflow vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0219 | CVE-2020-11193 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0212 | CVE-2020-11168 | NULL pointer dereference vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain a NULL pointer dereference vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0122 | CVE-2020-11123 | Vulnerabilities in multiple Qualcomm products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
"information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user's lock-screen password can be bypassed by performing the standard gatekeeper operations." in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain unspecified vulnerabilities. Information may be obtained.
VAR-202011-0062 | CVE-2020-11131 | Integer overflow vulnerability in multiple Qualcomm products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
"Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space" in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202011-0217 | CVE-2020-11175 | Use-after-free vulnerability in multiple Qualcomm products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
"Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling." in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P. Multiple Qualcomm products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm QCS605, etc. are all products of Qualcomm. QCS605 is a central processing unit (CPU) product. Qualcomm MSM8909W is a central processing unit (CPU) product. These are the products of individual developers. It is a javascript code library for managing objects and class loading order. Qualcomm QM215 is a central processing unit. Qualcomm SA6155 is a central processing unit. Qualcomm QCS605 is a central processing unit. Qualcomm APQ8009W is a central processing unit.
Qualcomm Bluetooth HOST has a resource management error vulnerability, which stems from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
VAR-202011-0123 | CVE-2020-11114 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
"Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (Equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)" in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344. Multiple Qualcomm products contain an out-of-bounds read vulnerability. This is the same vulnerability as CVE-2019-17060, CVE-2019-17061, and CVE-2019-17517. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm AR9344 is a mobile device chip from Qualcomm.
Several components in AR9344 have security vulnerabilities, which can cause buffer overflow problems
VAR-202011-1586 | No CVE | GE PACSystems Rx3i has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
PACSystems Rx3i is a programmable automation controller of General Electric Company.
GE PACSystems Rx3i has a denial of service vulnerability, which can be exploited by attackers to cause device crashes.
VAR-202011-1587 | No CVE | Tianqing security isolation and information exchange system has command execution loopholes (CNVD-2020-60067) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data.
Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
VAR-202011-1588 | No CVE | Tianqing security isolation and information exchange system has command execution loopholes |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data.
Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
VAR-202011-1523 | No CVE | China Mobile Railcom Co., Ltd. Yao routing has weak password vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
China Mobile Railway Tongyao Router is a home router.
China Mobile Railcom Co., Ltd. Yao routing has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202010-1594 | No CVE | Siemens X200 series industrial Ethernet switches have stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect usability.
VAR-202010-1595 | No CVE | Zhejiang Dahua Technology Co., Ltd. Dahua DSS system has an arbitrary file download vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zhejiang Dahua DSS (digital surveillance system) is a comprehensive management platform that integrates four security subsystem management functions: video, alarm, access control, and intercom.
The DSS of Zhejiang Dahua Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files on the login interface to obtain sensitive information.
VAR-202010-1596 | No CVE | Hangzhou Hikvision System Technology Co., Ltd. video encoding device access gateway has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions.
Hangzhou Hikvision System Technology Co., Ltd. video encoding equipment access gateway has a weak password vulnerability. Attackers can use this vulnerability to log in to the gateway backend to obtain sensitive information.
VAR-202010-1615 | No CVE | Siemens X200 series industrial Ethernet switches have stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect system availability.
VAR-202010-1616 | No CVE | Siemens X200 series industrial Ethernet switches have permissions and access control vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have permission and access control loopholes, which can be exploited by attackers to affect system availability.
VAR-202010-1601 | No CVE | H3C's H3C intrusion prevention system product iWare series has SQL injection vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
New H3C Technology Co., Ltd. is committed to becoming the most reliable partner for customers' business innovation and digital transformation. Main products include routers, big data, switches, Internet of Things, cloud computing, servers, etc.
H3C's H3C intrusion prevention system product iWare series has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.
VAR-202012-1529 | CVE-2020-25649 | Red Hat Security Advisory 2021-2039-01 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only
errata is to inform you about the security issues fixed in this release. Solution:
Before applying this update, ensure all previously released errata relevant
to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016
JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat
JBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001
JBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final
JBEAP-20222 - Tracker bug for the EAP 7.3.4 release for RHEL-7
JBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final
JBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final
JBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final
JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002
JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile
JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007
JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.8 security update
Advisory ID: RHSA-2020:5410-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5410
Issue date: 2020-12-14
CVE Names: CVE-2020-25644 CVE-2020-25649
====================================================================
1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
Infinispan project.
This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat
Data Grid 7.3.7 and includes bug fixes and enhancements, which are
described in the Release Notes, linked to in the References section of this
erratum.
Security Fix(es):
* wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
(CVE-2020-25644)
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is
vulnerable to XML external entity (XXE) (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
To install this update, do the following:
1. Download the Data Grid 7.3.8 server patch from the customer portal. See
the download link in the References section.
2. Back up your existing Data Grid installation. You should back up
databases, configuration files, and so on.
3. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes
for patching instructions.
4. Restart Data Grid to ensure the changes take effect.
4. Bugs fixed (https://bugzilla.redhat.com/):
1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
5. References:
https://access.redhat.com/security/cve/CVE-2020-25644
https://access.redhat.com/security/cve/CVE-2020-25649
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Summary:
Updated ovirt-engine packages that fix several bugs and add various
enhancements are now available. Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a
centralized management platform that allows system administrators to view
and manage virtual machines. The Manager provides a comprehensive range of
features including search capabilities, resource management, live
migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several
interfaces through which the virtual environment can be accessed and
interacted with, including an Administration Portal, a VM Portal, and a
Representational State Transfer (REST) Application Programming Interface
(API).
Bug Fix(es):
* Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/2974891
5. Bugs fixed (https://bugzilla.redhat.com/):
1627997 - [RFE] Allow SPM switching if all tasks have finished via REST-API
1702237 - [RFE] add API for listing disksnapshots under disk resource
1796231 - VM disk remains in locked state if image transfer (image download) timesout due to inactivity.
1868114 - RHV-M UI/Webadmin: The "Disk Snapshots" tab reflects incorrect "Creation Date" information.
1875951 - Disk hot-unplug fails on engine side with NPE in setDiskVmElements after unplugging from the VM.
1879655 - [RFE] Implement searching VM's with partial name or case sensitive vm names in VM Portal.
1880015 - oVirt metrics example Kibana dashboards are broken in Kibana 7.x
1881115 - RHEL VM icons squashed, please adhere to brand rules
1881357 - German language greeting page says Red Hat®
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
1893035 - rhv-log-collector-analyzer: check for double quotes in IPTablesConfigSiteCustom
1894298 - ModuleNotFoundError: No module named 'ovirt_engine' raised when starting ovirt-engine-dwhd.py in dev env
1901946 - [RFE] Bump ovirt-engine version lock to the newest Ansible version
1903385 - RFE: rhv-image-discrepancies should report if the truesize from VDSM has different size in images in the engine.
1903595 - [PPC] Can't add PPC host to Engine
6. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/