VARIoT IoT vulnerabilities database
| VAR-202103-0244 | CVE-2020-29030 | Secomea GateManager Cross Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager contains a cross-site request forgery vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Secomea GateManager is a remote access server product of the Danish company Secomea.
| VAR-202103-0243 | CVE-2020-29029 | Secomea GateManager Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Secomea GateManager is a remote access server product of the Danish company Secomea. The vulnerability stems from incorrect input validation.
| VAR-202103-0242 | CVE-2020-29028 | Secomea GateManager Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4. Secomea GateManager contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Secomea GateManager is a remote access server product of the Danish company Secomea.
| VAR-202103-1030 | CVE-2021-28039 | Xen Used in Linux Kernel Resource Depletion Vulnerability |
CVSS V2: 2.1 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. Linux kernel 5.9.x through 5.11.3 contains a security vulnerability that could be exploited by an attacker to cause the driver to crash
| VAR-202103-1029 | CVE-2021-28038 | Xen PV Used in Linux Kernel Vulnerability in resource allocation without restrictions or throttling in |
CVSS V2: 4.9 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. This update provides the corresponding
Linux kernel updates targeted specifically for Raspberry Pi devices
in those same Ubuntu Releases.
==========================================================================
Ubuntu Security Notice USN-4984-1
June 04, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm,
linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-28038)
It was discovered that the Realtek RTL8188EU Wireless device driver in the
Linux kernel did not properly validate ssid lengths in some situations. An
attacker could use this to cause a denial of service (system crash). A local
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2021-28688)
It was discovered that the fuse user space file system implementation in
the Linux kernel did not properly handle bad inodes in some situations. A
local attacker could possibly use this to cause a denial of service.
(CVE-2021-28950)
John Stultz discovered that the audio driver for Qualcomm SDM845 systems in
the Linux kernel did not properly validate port ID numbers. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2021-28952)
Zygo Blaxell discovered that the btrfs file system implementation in the
Linux kernel contained a race condition during certain cloning operations.
A local attacker could possibly use this to cause a denial of service
(system crash). (CVE-2021-28964)
Vince Weaver discovered that the perf subsystem in the Linux kernel did not
properly handle certain PEBS records for some Intel Haswell
processors. A local attacker could use this to cause a denial of service
(system crash). (CVE-2021-28971)
It was discovered that the RPA PCI Hotplug driver implementation in the
Linux kernel did not properly handle device name writes via sysfs, leading
to a buffer overflow. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2021-28972)
It was discovered that the Qualcomm IPC router implementation in the Linux
kernel did not properly initialize memory passed to user space. A local
attacker could use this to expose sensitive information (kernel memory). A local attacker
could use this to cause a denial of service (memory exhaustion).
(CVE-2021-30002)
Dan Carpenter discovered that the block device manager (dm) implementation
in the Linux kernel contained a buffer overflow in the ioctl for listing
devices. A privileged local attacker could use this to cause a denial of
service (system crash). (CVE-2021-31916)
It was discovered that the CIPSO implementation in the Linux kernel did not
properly perform reference counting in some situations, leading to
use-after-free vulnerabilities. An attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)
马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2021-3483)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1028-kvm 5.8.0-1028.30
linux-image-5.8.0-1031-oracle 5.8.0-1031.32
linux-image-5.8.0-1032-gcp 5.8.0-1032.34
linux-image-5.8.0-1033-azure 5.8.0-1033.35
linux-image-5.8.0-1035-aws 5.8.0-1035.37
linux-image-5.8.0-55-generic 5.8.0-55.62
linux-image-5.8.0-55-generic-64k 5.8.0-55.62
linux-image-5.8.0-55-generic-lpae 5.8.0-55.62
linux-image-5.8.0-55-lowlatency 5.8.0-55.62
linux-image-aws 5.8.0.1035.37
linux-image-azure 5.8.0.1033.33
linux-image-gcp 5.8.0.1032.32
linux-image-generic 5.8.0.55.60
linux-image-generic-64k 5.8.0.55.60
linux-image-generic-lpae 5.8.0.55.60
linux-image-gke 5.8.0.1032.32
linux-image-kvm 5.8.0.1028.30
linux-image-lowlatency 5.8.0.55.60
linux-image-oracle 5.8.0.1031.30
linux-image-virtual 5.8.0.55.60
Ubuntu 20.04 LTS:
linux-image-5.8.0-55-generic 5.8.0-55.62~20.04.1
linux-image-5.8.0-55-generic-64k 5.8.0-55.62~20.04.1
linux-image-5.8.0-55-generic-lpae 5.8.0-55.62~20.04.1
linux-image-5.8.0-55-lowlatency 5.8.0-55.62~20.04.1
linux-image-generic-64k-hwe-20.04 5.8.0.55.62~20.04.39
linux-image-generic-hwe-20.04 5.8.0.55.62~20.04.39
linux-image-generic-lpae-hwe-20.04 5.8.0.55.62~20.04.39
linux-image-lowlatency-hwe-20.04 5.8.0.55.62~20.04.39
linux-image-virtual-hwe-20.04 5.8.0.55.62~20.04.39
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-4984-1
CVE-2021-28038, CVE-2021-28660, CVE-2021-28688, CVE-2021-28950,
CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972,
CVE-2021-29647, CVE-2021-30002, CVE-2021-31916, CVE-2021-33033,
CVE-2021-3483
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-55.62
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1035.37
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1033.35
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1032.34
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1028.30
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1031.32
https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-55.62~20.04.1
.
(CVE-2017-16644)
It was discovered that the timer stats implementation in the Linux kernel
allowed the discovery of a real PID value while inside a PID namespace. (CVE-2021-20261)
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H
| VAR-202103-0920 | CVE-2021-27363 | Linux Kernel Vulnerability in |
CVSS V2: 3.6 CVSS V3: 4.4 Severity: MEDIUM |
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. The Linux kernel contains an unspecified vulnerability. Information may be obtained and the system may be put into a denial-of-service (DoS) state. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
3.
Bug Fix(es):
* System Crash / Core dump while deleting VMs (BZ#1897687)
* various patches to stabilize the OPAL error log processing and the
powernv dump processing (ESS) (BZ#1907302)
* Unable to receive the signal registered using mq_notify(). (BZ#1926111)
* SCTP "Address already in use" when no active endpoints from RHEL 8.2
onwards (BZ#1927522)
* enable CONFIG_RANDOM_TRUST_CPU (BZ#1928027)
* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929739)
* Configuring the system with non-RT kernel will hang the system
(BZ#1930737)
* fNIC driver needs a patch fix that addresses crash (BZ#1932460)
* OVS mistakenly using local IP as tun_dst for VXLAN packets (?)
(BZ#1944670)
Enhancement(s):
* mlx5: Hairpin Support in Switch Mode (BZ#1924690)
* Trace mode enablement in IMC to facilitate perf-kvm support (perf:)
(BZ#1929696)
* ice: Enable Flow Director Support (BZ#1930780)
4.
=========================================================================
Ubuntu Security Notice USN-4901-1
April 06, 2021
linux-lts-trusty vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did
not properly restrict access to iSCSI transport handles. A local attacker
could use this to cause a denial of service or expose sensitive information
(kernel pointer addresses). A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information (kernel
memory). (CVE-2021-27364)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
linux-image-3.13.0-185-generic 3.13.0-185.236~12.04.1
linux-image-generic-lts-trusty 3.13.0.185.170
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
* kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at
kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308)
* kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree
(BZ#1926369)
4.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2021:1071-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1071
Issue date: 2021-04-06
CVE Names: CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3.
Security Fix(es):
* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Customer testing eMMC sees an intermittent boot problem on 7.8+, was not
seen on 7.3 (BZ#1918916)
* tcm loopback driver causes double-start of scsi command when work is
delayed (BZ#1925652)
* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4
(BZ#1925691)
* A patch from upstream c365c292d059 causes us to end up leaving
rt_nr_boosted in an inconsistent state, which causes a hard lockup.
(BZ#1928082)
* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path
(BZ#1929804)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1160.24.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1160.24.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1160.24.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1160.24.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64.rpm
perf-3.10.0-1160.24.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1160.24.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1160.24.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.24.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.24.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.24.1.el7.s390x.rpm
perf-3.10.0-1160.24.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-3.10.0-1160.24.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1160.24.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.24.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.24.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.24.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.24.1.el7.x86_64.rpm
perf-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.24.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.24.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
.
Bug Fix(es):
* Enable CI and changelog for GitLab workflow (BZ#1930934)
4
| VAR-202103-0523 | CVE-2020-5148 | SonicWall SSO-agent Authentication vulnerabilities in |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IPs in the network. This client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate, allowing an attacker to bypass firewall access controls. SonicWall SSO-agent contains an authentication vulnerability. Information may be obtained and information may be tampered with. SonicWall SSO-agent is an application software product of the US company SonicWall. It provides a single login for access to multiple network resources based on administrator-configured group membership and policy matching. A security vulnerability exists in the SonicWall SSO-agent that could allow an attacker to bypass firewall access controls.
| VAR-202103-1786 | No CVE | ZTE Corporation ZXHN F460 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ZXHN F460 is the optical modem of ZTE's EPON mode.
ZTE Corporation ZXHN F460 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
| VAR-202103-1787 | No CVE | ZTE Corporation ZXHN F460S has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ZTE Corporation is the world's leading provider of integrated communications solutions.
ZTE Corporation ZXHN F460S has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
| VAR-202103-1800 | No CVE | Delta Electronics Enterprise Management (Shanghai) Co., Ltd. has an arbitrary file reading vulnerability in DIAView (CNVD-2021-08514) |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
DIAView is an automated management system with real-time system monitoring, data acquisition and analysis functions.
The DIAView configuration software of Delta Electronics Enterprise Management (Shanghai) Co., Ltd. has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202103-1649 | No CVE | WiseGrid Huimin application delivery gateway has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business scope of Beijing Xinnuoride Software System Co., Ltd. includes: software development; computer system services; technology promotion services; technical development of network equipment, communication products, computer hardware and software, etc.
The WiseGrid Huimin application delivery gateway has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202103-1650 | No CVE | ZTE Corporation ZXHN F4600U has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ZTE Corporation is the world's leading provider of integrated communications solutions.
ZTE Corporation ZXHN F4600U has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service attack.
| VAR-202103-0560 | CVE-2021-22128 | FortiProxy Authentication Vulnerability in Microsoft |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal services such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. FortiProxy contains an improper authentication vulnerability. Information may be obtained. Fortinet FortiProxy SSL VPN is an application software product of the United States company Fortinet. An intrusion detection function is provided. There is a security vulnerability in FortiProxy SSL VPN, which allows attackers to exploit the vulnerability to obtain credentials of SSL VPN users.
| VAR-202103-0173 | CVE-2020-15938 | FortiGate Vulnerability in |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
When traffic other than HTTP/S (e.g., SSH traffic) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. FortiGate contains an unspecified vulnerability. Information may be tampered with. Opera Software Opera is a web browser produced by Opera Software in Norway. It supports multi-window browsing, custom user interface and other functions. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol, which communicates via Hypertext Transfer Protocol (HTTP) on a computer network, and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. Vulnerabilities exist in Opera Software Opera and HTTPS. The following products and versions are affected:
| VAR-202103-1785 | No CVE | XINJE XL5E-16T ModbusTCP protocol has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
XINJE XL5E-16T is a series of Ethernet controller products.
XINJE XL5E-16T ModbusTCP protocol has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to crash and fail to work normally.
| VAR-202103-1790 | No CVE | MOXA AWK-1131A Ethernet 802LLC protocol has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Moxa is a leading manufacturer of industrial automation, providing complete industrial equipment networking, industrial computers and industrial network solutions, and is committed to the joint promotion and practice of industrial Internet.
The MOXA AWK-1131A Ethernet 802LLC protocol has a denial of service vulnerability, which can be exploited by an attacker to cause the device to fail to work normally.
| VAR-202103-1791 | No CVE | XINJE XDME-30T4-E ModbusTCP protocol has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
XINJE XDME-30T4-E is a controller product of the Ethernet series.
XINJE XDME-30T4-E ModbusTCP protocol has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to crash and fail to work normally.
| VAR-202103-1797 | No CVE | The ARP protocol of MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Mitsubishi Electric FX5U-32MT/ES is a programmable logic controller (PLC) product of the MELSEC FX series.
The ARP protocol of MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to fail to work normally.
| VAR-202103-1637 | No CVE | China Mobile Communications Group Co., Ltd. GM619 has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
China Mobile Communications Group Co., Ltd. is a mobile communications operator whose business scope includes: basic telecommunications services; value-added telecommunications services, etc.
China Mobile Communications Group Co., Ltd. GM619 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202103-1638 | No CVE | Prolink Technology Co., Ltd. TL-ER7520G has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
TL-ER7520G is a new generation of all-gigabit enterprise router products.
Universal Technology Co., Ltd. TL-ER7520G has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.