====================================================================
Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 16.1 security update
Advisory ID:       RHSA-2023:3156-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3156
Issue date:        2023-05-17
CVE Names:         CVE-2023-2088
====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Critical: openssl-container security update
Advisory ID:       RHSA-2022:7384-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7384
Issue date:        2022-11-02
CVE Names:         CVE-2022-3602 CVE-2022-3786
====================================================================

1. Summary:

An update for openssl-container is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

The ubi9/openssl image provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Using the OpenSSL tool, you can generate private keys, create certificate signing requests (CSRs), and display certificate information.

This updates the ubi9/openssl image in the Red Hat Container Registry.

To pull this container image, run one of the following commands:

podman pull registry.redhat.io/rhel9/openssl (authenticated)
podman pull registry.access.redhat.com/ubi9/openssl (unauthenticated)

Security Fix(es):

* OpenSSL: X.509 Email Address Buffer Overflow (CVE-2022-3602)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

4. Bugs fixed (https://bugzilla.redhat.com/):

2134869 - rebuild of openssl-container 9.0
2137723 - CVE-2022-3602 OpenSSL: X.509 Email Address Buffer Overflow

5. References:

https://access.redhat.com/security/cve/CVE-2022-3602
https://access.redhat.com/security/cve/CVE-2022-3786
https://access.redhat.com/security/updates/classification#critical
https://catalog.redhat.com/en/search
https://access.redhat.com/security/vulnerabilities/RHSB-2022-004

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
Advisory ID:       RHSA-2022:1372-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1372
Issue date:        2022-04-13
CVE Names:         CVE-2021-29923 CVE-2021-34558 CVE-2021-36221 CVE-2021-43565 CVE-2021-44716 CVE-2021-44717
====================================================================

1. Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

Bug Fix(es):

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1898988 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster.
1954708 - [GSS][RFE] Restrict Noobaa from creating public endpoints for Azure Private Cluster
1956418 - [GSS][RFE] Automatic space reclamation for RBD
1970123 - [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2
1972190 - Attempt to remove pv-pool based noobaa-default-backing-store fails and makes this pool stuck in Rejected state
1974344 - critical ClusterObjectStoreState alert firing after installation of arbiter storage cluster, likely because ceph object user for cephobjectstore fails to be created, when storagecluster is reinstalled
1981341 - Changing a namespacestore's targetBucket field doesn't check whether the target bucket actually exists
1981694 - Restrict Noobaa from creating public endpoints for IBM ROKS Private cluster
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1991462 - helper pod runs with root privileges during Must-gather collection (affects ODF Managed Services)
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1996830 - OCS external mode should allow specifying names for all Ceph auth principals
1996833 - ceph-external-cluster-details-exporter.py should have a read-only mode
1999689 - Integrate upgrade testing from ocs-ci to the acceptance job for final builds before important milestones
1999952 - Automate the creation of cephobjectstoreuser for obc metrics collector
2003532 - [Tracker for RHEL BZ #2008825] Node upgrade failed due to "expected target osImageURL" MCD error
2005801 - [KMS] Tenant config does not override backendpath if the key is specified in UPPER_CASE
2005919 - [DR] [Tracker for BZ #2008587] when Relocate action is performed and the Application is deleted completely rbd image is not getting deleted on secondary site
2021313 - [GSS] Cannot delete pool
2022424 - System capacity card shows infinity % as used capacity.
2022693 - [RFE] ODF health should reflect the health of Ceph + NooBaa
2024107 - Retrieval of cached objects with `s3 sync` after change in object size in underlying storage results in an InvalidRange error
2024545 - Overprovision Level Policy Control doesn't support custom storageclass
2026007 - Use ceph 'osd safe-to-destroy' feature in OSD purge job
2027666 - [DR] CephBlockPool resources reports wrong mirroringStatus
2027826 - OSD Removal template needs to expose option to force remove the OSD
2028559 - OBC stuck on pending post node failure recovery
2029413 - [DR] Dummy image size is same as the size of image for which it was created
2030602 - MCG not reporting standardized metric correctly for usage
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2030839 - Consecutive dashes in OBC name
2031023 - "dbStorageClassName" goes missing in storage cluster yaml for mcg standalone mode
2031705 - [GSS] OBC is not visible by admin of a Project on Console
2032404 - After a node restart, the RGW pod is stuck in a CrashLoopBackOff state
2032412 - [DR] After Failback and PVC deletion the rbd images are left in trash
2032656 - Rook not recovering when deleting osd deployment with kms encryption
2032969 - No RBD mirroring daemon down alert when daemon is down
2032984 - After creating a new SC it redirects to 404 error page instead of the "StorageSystems" page
2033251 - Fix ODF 4.9 compatibility with OCP 4.10
2034003 - NooBaa endpoint pod Terminated before new one comes in Running state after editing the configmap
2034805 - upgrade not started for ODF 4.10
2034904 - OCS operator version differ in CLI commands.
2035774 - Must Gather, Ceph files do not exist on MG directory
2035995 - [GSS] odf-operator-controller-manager is in CLBO with OOM kill while upgrading OCS-4.8 to ODF-4.9
2036018 - ROOK_CSI_* overrides missing from the CSV in 4.10
2036211 - [GSS] noobaa-endpoint becomes CrashLoopBackOff when uploading metrics data to bucket
2037279 - [Azure] OSDs go into CLBO state while mounting an RBD PVC
2037318 - Helper Pod doesn't come up for MCG only must-gather
2037497 - Consecutive dashes in OBC name
2038884 - noobaa-operator is stuck in a CrashLoopBackOff (r.OBC is nil, invalid memory address or nil pointer dereference)
2039240 - [KMS] Deployment of ODF cluster fails when cluster wide encryption is enabled using service account for KMS auth
2040682 - [GSS] Complete multipart upload operation fails with error ' Cannot read property 'sort' of undefined'
2041507 - Missing add modal for action "add capacity" in UI.
2042866 - must gather does not collect the yaml or describe output of the subscription
2043017 - "CSI Addons" operator is not hidden in OperatorHub and Installed Operators page
2043028 - the CSI-Addons sidecar is not automatically deployed, requires enabling in Rook ConfigMap
2043406 - ReclaimSpaceJob status showing "reclaimedSpace" value as "0"
2043513 - [Tracker for Ceph BZ 2044836] mon is in CLBO after upgrading to 4.10-113
2044447 - ODF 4.9 deployment fails when deployed using the ODF managed service deployer (ocs-osd-deployer)
2044823 - Update CSI sidecars to the latest release for 4.10
2045084 - [SNO] controller-manager state is CreateContainerError
2046186 - A TODO text block in the API browser
2046254 - Topolvm-controller is failing to pull image
2046677 - Reclaimspacecronjob is not created after adding the annotation reclaimspace.csiaddons.openshift.io/schedule in PVC
2046766 - [IBM Z]: csi-rbdplugin pods failed to come up due to ImagePullBackOff from the "csiaddons" registry
2046887 - use KMS_PROVIDER name for IBM key protect service as "ibmkeyprotect"
2047162 - ReclaimSpaceJob failing, fstrim is executed on a non-existing mountpoint/directory
2047201 - Add HPCS secret name to Ceph and NooBaa CR
2047562 - CSI Sidecar containers do not start
2047565 - PVC snapshot creation is not successful
2047625 - Dockerfile changes for topolvm
2047632 - mcg-operator failed to install on 4.10.0-126
2047642 - Replace alpine/openssl image in the downstream build
2048107 - vgmanager cannot list block devices on the node
2048370 - CSI-Addons controller makes node reclaimspace request even when the PVC is not mounted to any pod.
2048458 - python exporter script 'ceph-external-cluster-details-exporter.py' error cap mon does not match on ODF 4.10
2049029 - MCG admission control webhooks don't work
2049075 - openshift-storage namespace is stuck in terminating state during uninstall due to remaining csi-addons resources
2049081 - ReclaimSpaceJob is failing for RBD RWX PVC
2049424 - ODF Provider/Consumer mode - backport for missing content
2049509 - ocs operator stuck on CrashLoopBackOff while installing with KMS
2049718 - provider/consumer Mode: rook-ceph-csi-config configmap needs to be updated with the relevant subvolumegroup information
2049727 - [DR] Mirror Peer stuck in ExchangingSecret State
2049771 - We can see 2 ODF Multicluster Orchestrator operators in operator hub page
2049790 - Add error handling for GetCurrentStorageClusterRef
2050056 - [GSS][KMS] Tenant configmap does not override vault namespace
2050142 - [DR] MCO operator is setting s3region as empty inside s3storeprofiles
2050402 - Ramen doesn't generate correct VRG spec in sync mode
2050483 - [DR] post creating MirrorPeer, the ramen config map had invalid values
2051249 - [GSS] noobaa-db-pg-0 Pod stuck CrashLoopBackOff state
2051406 - Need commit hash in package json and logs
2051599 - Use AAD while unwrapping the KEY from HPCS/Key Protect KMS
2051913 - [KMS] Skip SC creation for vault SA based kms encryption
2052027 - cephfs: rados omap leak after deletesnapshot
2052438 - [KMS] Storagecluster is in progressing state due to failed RGW deployment when using cluster wide encryption with kubernetes auth method
2052937 - [KMS] Auto-detection of KV version fails when using Vault namespaces
2052996 - ODF deployment fails using RHCS in external mode due to cephobjectstoreuser
2053156 - Avoid worldwide permission mode setting at time of nodestage of CephFS share
2053517 - [DR] Applications are not getting DR protected
2054147 - Provider/Consumer: Provider API server crashloopbackoff
2054755 - Update storagecluster API in the odf-operator
2061251 - [GSS] Object Upload failed with Unhandled exception when not using parameter "UseChunkEncoding = false" in s3 client in ODF 4.9

5. References:

https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Critical: Red Hat Data Grid 8.2.0 security update
Advisory ID:       RHSA-2021:2139-01
Product:           Red Hat JBoss Data Grid
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2139
Issue date:        2021-05-26
CVE Names:         CVE-2020-10771 CVE-2020-26258 CVE-2020-26259 CVE-2021-21290 CVE-2021-21295 CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351 CVE-2021-21409 CVE-2021-31917
====================================================================

1. Summary:

A security update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is a distributed, in-memory data store.

This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism (CVE-2021-31917)
* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
* XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
* XStream: Unsafe deserialization of sun.swing.SwingLazyValue (CVE-2021-21346)
* XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)
* XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)
* Infinispan: Actions with effects should not be permitted via GET requests using REST API (CVE-2020-10771)
* XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling (CVE-2020-26258)
* XStream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due to missing validation (CVE-2021-21295)
* XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
* XStream: SSRF via crafted input stream (CVE-2021-21342)
* XStream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
* XStream: ReDoS vulnerability (CVE-2021-21348)
* XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
* XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
* netty: Request smuggling via content-length header (CVE-2021-21409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1846293 - CVE-2020-10771 Infinispan: Actions with effects should not be permitted via GET requests using REST API
1908832 - CVE-2020-26258 XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling
1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due to missing validation
1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream
1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream
1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream
1942554 - CVE-2021-21344 XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet
1942558 - CVE-2021-21345 XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry
1942578 - CVE-2021-21346 XStream: Unsafe deserialization of sun.swing.SwingLazyValue
1942629 - CVE-2021-21347 XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator
1942633 - CVE-2021-21348 XStream: ReDoS vulnerability
1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
1942637 - CVE-2021-21350 XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader
1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1955113 - CVE-2021-31917 Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism

5. References:

https://access.redhat.com/security/cve/CVE-2020-10771
https://access.redhat.com/security/cve/CVE-2020-26258
https://access.redhat.com/security/cve/CVE-2020-26259
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21341
https://access.redhat.com/security/cve/CVE-2021-21342
https://access.redhat.com/security/cve/CVE-2021-21343
https://access.redhat.com/security/cve/CVE-2021-21344
https://access.redhat.com/security/cve/CVE-2021-21345
https://access.redhat.com/security/cve/CVE-2021-21346
https://access.redhat.com/security/cve/CVE-2021-21347
https://access.redhat.com/security/cve/CVE-2021-21348
https://access.redhat.com/security/cve/CVE-2021-21349
https://access.redhat.com/security/cve/CVE-2021-21350
https://access.redhat.com/security/cve/CVE-2021-21351
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-31917
https://access.redhat.com/security/updates/classification#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=data.grid&version=8.2
https://docs.redhat.com/en/documentation/red_hat_data_grid/8.2/html/upgrading_data_grid/index

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
=========================================================================
Ubuntu Security Notice USN-4954-1
May 14, 2021

glibc vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GNU C Library.

Software Description:
- glibc: GNU C Library

Details:

Jason Royes and Samuel Dytrych discovered that the memcpy() implementation for 32-bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service (application crash) or execute arbitrary code. (CVE-2020-6096)

It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. (CVE-2009-5155)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libc6                           2.23-0ubuntu11.3

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4954-1
  CVE-2009-5155, CVE-2020-6096

LinuxSecurity.com Team
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:0028-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0028
Issue date:        2021-01-06
CVE Names:         CVE-2015-8011
====================================================================

1. Summary:

An update for openvswitch2.11, ovn2.11, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
RHV-M 4.3 - x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version: openvswitch2.11 (2.11.3), ovn2.11 (2.11.1), redhat-release-virtualization-host (4.3.12), redhat-virtualization-host (4.3.12). (BZ#1898513, BZ#1907537, BZ#1907538)

Security Fix(es):

* lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c
1898513 - Rebase RHV-H 4.3 EUS on RHEL-7.9.z #2

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
openvswitch2.11-2.11.3-77.el7fdp.src.rpm
ovn2.11-2.11.1-56.el7fdp.src.rpm

ppc64le:
openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm
openvswitch2.11-debuginfo-2.11.3-77.el7fdp.ppc64le.rpm
openvswitch2.11-devel-2.11.3-77.el7fdp.ppc64le.rpm
ovn2.11-2.11.1-56.el7fdp.ppc64le.rpm
ovn2.11-debuginfo-2.11.1-56.el7fdp.ppc64le.rpm
ovn2.11-host-2.11.1-56.el7fdp.ppc64le.rpm
ovn2.11-vtep-2.11.1-56.el7fdp.ppc64le.rpm
python-openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm

x86_64:
openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm
openvswitch2.11-debuginfo-2.11.3-77.el7fdp.x86_64.rpm
openvswitch2.11-devel-2.11.3-77.el7fdp.x86_64.rpm
ovn2.11-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-debuginfo-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-host-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-vtep-2.11.1-56.el7fdp.x86_64.rpm
python-openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source:
redhat-virtualization-host-4.3.12-20201216.0.el7_9.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.12-20201216.0.el7_9.noarch.rpm

RHEL 7-based RHEV-H for RHEV 4 (build requirements):

Source:
redhat-release-virtualization-host-4.3.12-4.el7ev.src.rpm
redhat-virtualization-host-4.3.12-20201216.0.el7_9.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.12-20201216.0.el7_9.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.3.12-4.el7ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.3.12-4.el7ev.x86_64.rpm

RHV-M 4.3:

Source:
openvswitch2.11-2.11.3-77.el7fdp.src.rpm
ovn2.11-2.11.1-56.el7fdp.src.rpm

x86_64:
openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm
openvswitch2.11-debuginfo-2.11.3-77.el7fdp.x86_64.rpm
openvswitch2.11-devel-2.11.3-77.el7fdp.x86_64.rpm
ovn2.11-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-central-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-debuginfo-2.11.1-56.el7fdp.x86_64.rpm
ovn2.11-vtep-2.11.1-56.el7fdp.x86_64.rpm
python-openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8011
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2487-1
-------------------------------------------------------------------------

It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: php security update
Advisory ID:       RHSA-2019:3287-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3287
Issue date:        2019-10-31
CVE Names:         CVE-2019-11043
====================================================================

1. Summary:

An update for php is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
php-5.3.3-50.el6_10.src.rpm

i386:
php-5.3.3-50.el6_10.i686.rpm
php-bcmath-5.3.3-50.el6_10.i686.rpm
php-cli-5.3.3-50.el6_10.i686.rpm
php-common-5.3.3-50.el6_10.i686.rpm
php-dba-5.3.3-50.el6_10.i686.rpm
php-debuginfo-5.3.3-50.el6_10.i686.rpm
php-devel-5.3.3-50.el6_10.i686.rpm
php-embedded-5.3.3-50.el6_10.i686.rpm
php-enchant-5.3.3-50.el6_10.i686.rpm
php-fpm-5.3.3-50.el6_10.i686.rpm
php-gd-5.3.3-50.el6_10.i686.rpm
php-imap-5.3.3-50.el6_10.i686.rpm
php-intl-5.3.3-50.el6_10.i686.rpm
php-ldap-5.3.3-50.el6_10.i686.rpm
php-mbstring-5.3.3-50.el6_10.i686.rpm
php-mysql-5.3.3-50.el6_10.i686.rpm
php-odbc-5.3.3-50.el6_10.i686.rpm
php-pdo-5.3.3-50.el6_10.i686.rpm
php-pgsql-5.3.3-50.el6_10.i686.rpm
php-process-5.3.3-50.el6_10.i686.rpm
php-pspell-5.3.3-50.el6_10.i686.rpm
php-recode-5.3.3-50.el6_10.i686.rpm
php-snmp-5.3.3-50.el6_10.i686.rpm
php-soap-5.3.3-50.el6_10.i686.rpm
php-tidy-5.3.3-50.el6_10.i686.rpm
php-xml-5.3.3-50.el6_10.i686.rpm
php-xmlrpc-5.3.3-50.el6_10.i686.rpm
php-zts-5.3.3-50.el6_10.i686.rpm

x86_64:
php-5.3.3-50.el6_10.x86_64.rpm
php-bcmath-5.3.3-50.el6_10.x86_64.rpm
php-cli-5.3.3-50.el6_10.x86_64.rpm
php-common-5.3.3-50.el6_10.x86_64.rpm
php-dba-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-devel-5.3.3-50.el6_10.x86_64.rpm
php-embedded-5.3.3-50.el6_10.x86_64.rpm
php-enchant-5.3.3-50.el6_10.x86_64.rpm
php-fpm-5.3.3-50.el6_10.x86_64.rpm
php-gd-5.3.3-50.el6_10.x86_64.rpm
php-imap-5.3.3-50.el6_10.x86_64.rpm
php-intl-5.3.3-50.el6_10.x86_64.rpm
php-ldap-5.3.3-50.el6_10.x86_64.rpm
php-mbstring-5.3.3-50.el6_10.x86_64.rpm
php-mysql-5.3.3-50.el6_10.x86_64.rpm
php-odbc-5.3.3-50.el6_10.x86_64.rpm
php-pdo-5.3.3-50.el6_10.x86_64.rpm
php-pgsql-5.3.3-50.el6_10.x86_64.rpm
php-process-5.3.3-50.el6_10.x86_64.rpm
php-pspell-5.3.3-50.el6_10.x86_64.rpm
php-recode-5.3.3-50.el6_10.x86_64.rpm
php-snmp-5.3.3-50.el6_10.x86_64.rpm
php-soap-5.3.3-50.el6_10.x86_64.rpm
php-tidy-5.3.3-50.el6_10.x86_64.rpm
php-xml-5.3.3-50.el6_10.x86_64.rpm
php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm
php-zts-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
php-5.3.3-50.el6_10.src.rpm

x86_64:
php-cli-5.3.3-50.el6_10.x86_64.rpm
php-common-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
php-5.3.3-50.el6_10.x86_64.rpm
php-bcmath-5.3.3-50.el6_10.x86_64.rpm
php-dba-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-devel-5.3.3-50.el6_10.x86_64.rpm
php-embedded-5.3.3-50.el6_10.x86_64.rpm
php-enchant-5.3.3-50.el6_10.x86_64.rpm
php-fpm-5.3.3-50.el6_10.x86_64.rpm
php-gd-5.3.3-50.el6_10.x86_64.rpm
php-imap-5.3.3-50.el6_10.x86_64.rpm
php-intl-5.3.3-50.el6_10.x86_64.rpm
php-ldap-5.3.3-50.el6_10.x86_64.rpm
php-mbstring-5.3.3-50.el6_10.x86_64.rpm
php-mysql-5.3.3-50.el6_10.x86_64.rpm
php-odbc-5.3.3-50.el6_10.x86_64.rpm
php-pdo-5.3.3-50.el6_10.x86_64.rpm
php-pgsql-5.3.3-50.el6_10.x86_64.rpm
php-process-5.3.3-50.el6_10.x86_64.rpm
php-pspell-5.3.3-50.el6_10.x86_64.rpm
php-recode-5.3.3-50.el6_10.x86_64.rpm
php-snmp-5.3.3-50.el6_10.x86_64.rpm
php-soap-5.3.3-50.el6_10.x86_64.rpm
php-tidy-5.3.3-50.el6_10.x86_64.rpm
php-xml-5.3.3-50.el6_10.x86_64.rpm
php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm
php-zts-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
php-5.3.3-50.el6_10.src.rpm

i386:
php-5.3.3-50.el6_10.i686.rpm
php-cli-5.3.3-50.el6_10.i686.rpm
php-common-5.3.3-50.el6_10.i686.rpm
php-debuginfo-5.3.3-50.el6_10.i686.rpm
php-gd-5.3.3-50.el6_10.i686.rpm
php-ldap-5.3.3-50.el6_10.i686.rpm
php-mysql-5.3.3-50.el6_10.i686.rpm
php-odbc-5.3.3-50.el6_10.i686.rpm
php-pdo-5.3.3-50.el6_10.i686.rpm
php-pgsql-5.3.3-50.el6_10.i686.rpm
php-soap-5.3.3-50.el6_10.i686.rpm
php-xml-5.3.3-50.el6_10.i686.rpm
php-xmlrpc-5.3.3-50.el6_10.i686.rpm

ppc64:
php-5.3.3-50.el6_10.ppc64.rpm
php-cli-5.3.3-50.el6_10.ppc64.rpm
php-common-5.3.3-50.el6_10.ppc64.rpm
php-debuginfo-5.3.3-50.el6_10.ppc64.rpm
php-gd-5.3.3-50.el6_10.ppc64.rpm
php-ldap-5.3.3-50.el6_10.ppc64.rpm
php-mysql-5.3.3-50.el6_10.ppc64.rpm
php-odbc-5.3.3-50.el6_10.ppc64.rpm
php-pdo-5.3.3-50.el6_10.ppc64.rpm
php-pgsql-5.3.3-50.el6_10.ppc64.rpm
php-soap-5.3.3-50.el6_10.ppc64.rpm
php-xml-5.3.3-50.el6_10.ppc64.rpm
php-xmlrpc-5.3.3-50.el6_10.ppc64.rpm

s390x:
php-5.3.3-50.el6_10.s390x.rpm
php-cli-5.3.3-50.el6_10.s390x.rpm
php-common-5.3.3-50.el6_10.s390x.rpm
php-debuginfo-5.3.3-50.el6_10.s390x.rpm
php-gd-5.3.3-50.el6_10.s390x.rpm
php-ldap-5.3.3-50.el6_10.s390x.rpm
php-mysql-5.3.3-50.el6_10.s390x.rpm
php-odbc-5.3.3-50.el6_10.s390x.rpm
php-pdo-5.3.3-50.el6_10.s390x.rpm
php-pgsql-5.3.3-50.el6_10.s390x.rpm
php-soap-5.3.3-50.el6_10.s390x.rpm
php-xml-5.3.3-50.el6_10.s390x.rpm
php-xmlrpc-5.3.3-50.el6_10.s390x.rpm

x86_64:
php-5.3.3-50.el6_10.x86_64.rpm
php-cli-5.3.3-50.el6_10.x86_64.rpm
php-common-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-gd-5.3.3-50.el6_10.x86_64.rpm
php-ldap-5.3.3-50.el6_10.x86_64.rpm
php-mysql-5.3.3-50.el6_10.x86_64.rpm
php-odbc-5.3.3-50.el6_10.x86_64.rpm
php-pdo-5.3.3-50.el6_10.x86_64.rpm
php-pgsql-5.3.3-50.el6_10.x86_64.rpm
php-soap-5.3.3-50.el6_10.x86_64.rpm
php-xml-5.3.3-50.el6_10.x86_64.rpm
php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
php-bcmath-5.3.3-50.el6_10.i686.rpm
php-dba-5.3.3-50.el6_10.i686.rpm
php-debuginfo-5.3.3-50.el6_10.i686.rpm
php-devel-5.3.3-50.el6_10.i686.rpm
php-embedded-5.3.3-50.el6_10.i686.rpm
php-enchant-5.3.3-50.el6_10.i686.rpm
php-fpm-5.3.3-50.el6_10.i686.rpm
php-imap-5.3.3-50.el6_10.i686.rpm
php-intl-5.3.3-50.el6_10.i686.rpm
php-mbstring-5.3.3-50.el6_10.i686.rpm
php-process-5.3.3-50.el6_10.i686.rpm
php-pspell-5.3.3-50.el6_10.i686.rpm
php-recode-5.3.3-50.el6_10.i686.rpm
php-snmp-5.3.3-50.el6_10.i686.rpm
php-tidy-5.3.3-50.el6_10.i686.rpm
php-zts-5.3.3-50.el6_10.i686.rpm

ppc64:
php-bcmath-5.3.3-50.el6_10.ppc64.rpm
php-dba-5.3.3-50.el6_10.ppc64.rpm
php-debuginfo-5.3.3-50.el6_10.ppc64.rpm
php-devel-5.3.3-50.el6_10.ppc64.rpm
php-embedded-5.3.3-50.el6_10.ppc64.rpm
php-enchant-5.3.3-50.el6_10.ppc64.rpm
php-fpm-5.3.3-50.el6_10.ppc64.rpm
php-imap-5.3.3-50.el6_10.ppc64.rpm
php-intl-5.3.3-50.el6_10.ppc64.rpm
php-mbstring-5.3.3-50.el6_10.ppc64.rpm
php-process-5.3.3-50.el6_10.ppc64.rpm
php-pspell-5.3.3-50.el6_10.ppc64.rpm
php-recode-5.3.3-50.el6_10.ppc64.rpm
php-snmp-5.3.3-50.el6_10.ppc64.rpm
php-tidy-5.3.3-50.el6_10.ppc64.rpm
php-zts-5.3.3-50.el6_10.ppc64.rpm

s390x:
php-bcmath-5.3.3-50.el6_10.s390x.rpm
php-dba-5.3.3-50.el6_10.s390x.rpm
php-debuginfo-5.3.3-50.el6_10.s390x.rpm
php-devel-5.3.3-50.el6_10.s390x.rpm
php-embedded-5.3.3-50.el6_10.s390x.rpm
php-enchant-5.3.3-50.el6_10.s390x.rpm
php-fpm-5.3.3-50.el6_10.s390x.rpm
php-imap-5.3.3-50.el6_10.s390x.rpm
php-intl-5.3.3-50.el6_10.s390x.rpm
php-mbstring-5.3.3-50.el6_10.s390x.rpm
php-process-5.3.3-50.el6_10.s390x.rpm
php-pspell-5.3.3-50.el6_10.s390x.rpm
php-recode-5.3.3-50.el6_10.s390x.rpm
php-snmp-5.3.3-50.el6_10.s390x.rpm
php-tidy-5.3.3-50.el6_10.s390x.rpm
php-zts-5.3.3-50.el6_10.s390x.rpm

x86_64:
php-bcmath-5.3.3-50.el6_10.x86_64.rpm
php-dba-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-devel-5.3.3-50.el6_10.x86_64.rpm
php-embedded-5.3.3-50.el6_10.x86_64.rpm
php-enchant-5.3.3-50.el6_10.x86_64.rpm
php-fpm-5.3.3-50.el6_10.x86_64.rpm
php-imap-5.3.3-50.el6_10.x86_64.rpm
php-intl-5.3.3-50.el6_10.x86_64.rpm
php-mbstring-5.3.3-50.el6_10.x86_64.rpm
php-process-5.3.3-50.el6_10.x86_64.rpm
php-pspell-5.3.3-50.el6_10.x86_64.rpm
php-recode-5.3.3-50.el6_10.x86_64.rpm
php-snmp-5.3.3-50.el6_10.x86_64.rpm
php-tidy-5.3.3-50.el6_10.x86_64.rpm
php-zts-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
php-5.3.3-50.el6_10.src.rpm

i386:
php-5.3.3-50.el6_10.i686.rpm
php-cli-5.3.3-50.el6_10.i686.rpm
php-common-5.3.3-50.el6_10.i686.rpm
php-debuginfo-5.3.3-50.el6_10.i686.rpm
php-gd-5.3.3-50.el6_10.i686.rpm
php-ldap-5.3.3-50.el6_10.i686.rpm
php-mysql-5.3.3-50.el6_10.i686.rpm
php-odbc-5.3.3-50.el6_10.i686.rpm
php-pdo-5.3.3-50.el6_10.i686.rpm
php-pgsql-5.3.3-50.el6_10.i686.rpm
php-soap-5.3.3-50.el6_10.i686.rpm
php-xml-5.3.3-50.el6_10.i686.rpm
php-xmlrpc-5.3.3-50.el6_10.i686.rpm

x86_64:
php-5.3.3-50.el6_10.x86_64.rpm
php-cli-5.3.3-50.el6_10.x86_64.rpm
php-common-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-gd-5.3.3-50.el6_10.x86_64.rpm
php-ldap-5.3.3-50.el6_10.x86_64.rpm
php-mysql-5.3.3-50.el6_10.x86_64.rpm
php-odbc-5.3.3-50.el6_10.x86_64.rpm
php-pdo-5.3.3-50.el6_10.x86_64.rpm
php-pgsql-5.3.3-50.el6_10.x86_64.rpm
php-soap-5.3.3-50.el6_10.x86_64.rpm
php-xml-5.3.3-50.el6_10.x86_64.rpm
php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
php-bcmath-5.3.3-50.el6_10.i686.rpm
php-dba-5.3.3-50.el6_10.i686.rpm
php-debuginfo-5.3.3-50.el6_10.i686.rpm
php-devel-5.3.3-50.el6_10.i686.rpm
php-embedded-5.3.3-50.el6_10.i686.rpm
php-enchant-5.3.3-50.el6_10.i686.rpm
php-fpm-5.3.3-50.el6_10.i686.rpm
php-imap-5.3.3-50.el6_10.i686.rpm
php-intl-5.3.3-50.el6_10.i686.rpm
php-mbstring-5.3.3-50.el6_10.i686.rpm
php-process-5.3.3-50.el6_10.i686.rpm
php-pspell-5.3.3-50.el6_10.i686.rpm
php-recode-5.3.3-50.el6_10.i686.rpm
php-snmp-5.3.3-50.el6_10.i686.rpm
php-tidy-5.3.3-50.el6_10.i686.rpm
php-zts-5.3.3-50.el6_10.i686.rpm

x86_64:
php-bcmath-5.3.3-50.el6_10.x86_64.rpm
php-dba-5.3.3-50.el6_10.x86_64.rpm
php-debuginfo-5.3.3-50.el6_10.x86_64.rpm
php-devel-5.3.3-50.el6_10.x86_64.rpm
php-embedded-5.3.3-50.el6_10.x86_64.rpm
php-enchant-5.3.3-50.el6_10.x86_64.rpm
php-fpm-5.3.3-50.el6_10.x86_64.rpm
php-imap-5.3.3-50.el6_10.x86_64.rpm
php-intl-5.3.3-50.el6_10.x86_64.rpm
php-mbstring-5.3.3-50.el6_10.x86_64.rpm
php-process-5.3.3-50.el6_10.x86_64.rpm
php-pspell-5.3.3-50.el6_10.x86_64.rpm
php-recode-5.3.3-50.el6_10.x86_64.rpm
php-snmp-5.3.3-50.el6_10.x86_64.rpm
php-tidy-5.3.3-50.el6_10.x86_64.rpm
php-zts-5.3.3-50.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-11043
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list