CERT RSS

Security vulnerability in the python3 software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2152-1
Rating: important
References: #1176262 #1179193
Cross-References: CVE-2019-20916
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for python3 fixes the following issues:

Update to 3.6.12 (bsc#1179193), including:

– Fixed a directory traversal in _download_http_url() (bsc#1176262
CVE-2019-20916)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2152=1

Package List:

– openSUSE Leap 15.2 (i586 x86_64):

libpython3_6m1_0-3.6.12-lp152.4.9.1
libpython3_6m1_0-debuginfo-3.6.12-lp152.4.9.1
python3-3.6.12-lp152.4.9.1
python3-base-3.6.12-lp152.4.9.1
python3-base-debuginfo-3.6.12-lp152.4.9.1
python3-base-debugsource-3.6.12-lp152.4.9.1
python3-curses-3.6.12-lp152.4.9.1
python3-curses-debuginfo-3.6.12-lp152.4.9.1
python3-dbm-3.6.12-lp152.4.9.1
python3-dbm-debuginfo-3.6.12-lp152.4.9.1
python3-debuginfo-3.6.12-lp152.4.9.1
python3-debugsource-3.6.12-lp152.4.9.1
python3-devel-3.6.12-lp152.4.9.1
python3-devel-debuginfo-3.6.12-lp152.4.9.1
python3-idle-3.6.12-lp152.4.9.1
python3-testsuite-3.6.12-lp152.4.9.1
python3-testsuite-debuginfo-3.6.12-lp152.4.9.1
python3-tk-3.6.12-lp152.4.9.1
python3-tk-debuginfo-3.6.12-lp152.4.9.1
python3-tools-3.6.12-lp152.4.9.1

– openSUSE Leap 15.2 (x86_64):

libpython3_6m1_0-32bit-3.6.12-lp152.4.9.1
libpython3_6m1_0-32bit-debuginfo-3.6.12-lp152.4.9.1
python3-32bit-3.6.12-lp152.4.9.1
python3-32bit-debuginfo-3.6.12-lp152.4.9.1
python3-base-32bit-3.6.12-lp152.4.9.1
python3-base-32bit-debuginfo-3.6.12-lp152.4.9.1

– openSUSE Leap 15.2 (noarch):

python3-doc-3.6.12-lp152.4.9.1

References:

https://www.suse.com/security/cve/CVE-2019-20916.html
https://bugzilla.suse.com/1176262
https://bugzilla.suse.com/1179193
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

Security vulnerabilities in the go-toolset-1.14-golang software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LRH

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: go-toolset-1.14-golang security update
Advisory ID: RHSA-2020:5333-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5333
Issue date: 2020-12-03
CVE Names: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367
=====================================================================

1. Summary:

An update for go-toolset-1.14-golang is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64le, s390x, x86_64
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

Security Fix(es):

* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)

* golang: malicious symbol names can lead to code execution at build time
(CVE-2020-28366)

* golang: improper validation of cgo flags can lead to code execution at
build time (CVE-2020-28367)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1897635 – CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897643 – CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
1897646 – CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
go-toolset-1.14-1.14.12-1.el7_9.src.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.src.rpm

noarch:
go-toolset-1.14-golang-docs-1.14.12-1.el7_9.noarch.rpm

ppc64le:
go-toolset-1.14-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-build-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-golang-bin-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-golang-misc-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-golang-src-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-golang-tests-1.14.12-1.el7_9.ppc64le.rpm
go-toolset-1.14-runtime-1.14.12-1.el7_9.ppc64le.rpm

s390x:
go-toolset-1.14-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-build-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-golang-bin-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-golang-misc-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-golang-src-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-golang-tests-1.14.12-1.el7_9.s390x.rpm
go-toolset-1.14-runtime-1.14.12-1.el7_9.s390x.rpm

x86_64:
go-toolset-1.14-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-build-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-bin-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-misc-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-race-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-src-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-tests-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-runtime-1.14.12-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:
go-toolset-1.14-1.14.12-1.el7_9.src.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.src.rpm

noarch:
go-toolset-1.14-golang-docs-1.14.12-1.el7_9.noarch.rpm

x86_64:
go-toolset-1.14-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-build-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-bin-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-misc-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-race-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-src-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-golang-tests-1.14.12-1.el7_9.x86_64.rpm
go-toolset-1.14-runtime-1.14.12-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-28366
https://access.redhat.com/security/cve/CVE-2020-28367
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_go_1.14.7_toolset

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Security vulnerabilities in the mariadb software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for mariadb
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2149-1
Rating: moderate
References: #1175596 #1177472 #1178428
Cross-References: CVE-2020-14765 CVE-2020-14776 CVE-2020-14789
CVE-2020-14812 CVE-2020-15180
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for mariadb and mariadb-connector-c fixes the following issues:

– Update mariadb to 10.2.36 GA [bsc#1177472, bsc#1178428], fixing the
following security vulnerabilities: CVE-2020-14812, CVE-2020-14765,
CVE-2020-14776, CVE-2020-14789, CVE-2020-15180

– Update mariadb-connector-c to 3.1.11 [bsc#1177472 and bsc#1178428]

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2149=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

libmariadb-devel-3.1.11-lp151.3.15.1
libmariadb-devel-debuginfo-3.1.11-lp151.3.15.1
libmariadb3-3.1.11-lp151.3.15.1
libmariadb3-debuginfo-3.1.11-lp151.3.15.1
libmariadb_plugins-3.1.11-lp151.3.15.1
libmariadb_plugins-debuginfo-3.1.11-lp151.3.15.1
libmariadbprivate-3.1.11-lp151.3.15.1
libmariadbprivate-debuginfo-3.1.11-lp151.3.15.1
libmysqld-devel-10.2.36-lp151.2.18.1
libmysqld19-10.2.36-lp151.2.18.1
libmysqld19-debuginfo-10.2.36-lp151.2.18.1
mariadb-10.2.36-lp151.2.18.1
mariadb-bench-10.2.36-lp151.2.18.1
mariadb-bench-debuginfo-10.2.36-lp151.2.18.1
mariadb-client-10.2.36-lp151.2.18.1
mariadb-client-debuginfo-10.2.36-lp151.2.18.1
mariadb-connector-c-debugsource-3.1.11-lp151.3.15.1
mariadb-debuginfo-10.2.36-lp151.2.18.1
mariadb-debugsource-10.2.36-lp151.2.18.1
mariadb-galera-10.2.36-lp151.2.18.1
mariadb-test-10.2.36-lp151.2.18.1
mariadb-test-debuginfo-10.2.36-lp151.2.18.1
mariadb-tools-10.2.36-lp151.2.18.1
mariadb-tools-debuginfo-10.2.36-lp151.2.18.1

– openSUSE Leap 15.1 (noarch):

mariadb-errormessages-10.2.36-lp151.2.18.1

– openSUSE Leap 15.1 (x86_64):

libmariadb3-32bit-3.1.11-lp151.3.15.1
libmariadb3-32bit-debuginfo-3.1.11-lp151.3.15.1

References:

https://www.suse.com/security/cve/CVE-2020-14765.html
https://www.suse.com/security/cve/CVE-2020-14776.html
https://www.suse.com/security/cve/CVE-2020-14789.html
https://www.suse.com/security/cve/CVE-2020-14812.html
https://www.suse.com/security/cve/CVE-2020-15180.html
https://bugzilla.suse.com/1175596
https://bugzilla.suse.com/1177472
https://bugzilla.suse.com/1178428

Security vulnerability in the Red Hat Ceph Storage 4.1 software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LRH

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ceph Storage 4.1 security and bug fix update
Advisory ID: RHSA-2020:5325-01
Product: Red Hat Ceph Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5325
Issue date: 2020-12-02
CVE Names: CVE-2020-25660
=====================================================================

1. Summary:

An update is now available for Red Hat Ceph Storage 4.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 4.1 MON – noarch, ppc64le, s390x, x86_64
Red Hat Ceph Storage 4.1 OSD – ppc64le, s390x, x86_64
Red Hat Ceph Storage 4.1 Tools – noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform
that combines the most stable version of the Ceph storage system with a
Ceph management platform, deployment utilities, and support services.

Security Fix(es):

* ceph: CEPHX_V2 replay attack protection lost (CVE-2020-25660)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1890354 – CVE-2020-25660 ceph: CEPHX_V2 replay attack protection lost
1892644 – [GSS] S3 client is reporting S3 error: 404 (NoSuchKey) for an object which exists in the cluster
1895040 – ceph: problems with clusters containing nodes on s390x for some specific configurations and workloads
1896555 – mds decoding of enum types on big-endian systems broken

6. Package List:

Red Hat Ceph Storage 4.1 MON:

Source:
ceph-14.2.8-115.el7cp.src.rpm

noarch:
ceph-grafana-dashboards-14.2.8-115.el7cp.noarch.rpm
ceph-mgr-dashboard-14.2.8-115.el7cp.noarch.rpm
ceph-mgr-diskprediction-local-14.2.8-115.el7cp.noarch.rpm
ceph-mgr-k8sevents-14.2.8-115.el7cp.noarch.rpm
ceph-mgr-rook-14.2.8-115.el7cp.noarch.rpm

ppc64le:
ceph-base-14.2.8-115.el7cp.ppc64le.rpm
ceph-common-14.2.8-115.el7cp.ppc64le.rpm
ceph-debuginfo-14.2.8-115.el7cp.ppc64le.rpm
ceph-mgr-14.2.8-115.el7cp.ppc64le.rpm
ceph-mon-14.2.8-115.el7cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el7cp.ppc64le.rpm
ceph-test-14.2.8-115.el7cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el7cp.ppc64le.rpm
libcephfs2-14.2.8-115.el7cp.ppc64le.rpm
librados-devel-14.2.8-115.el7cp.ppc64le.rpm
librados2-14.2.8-115.el7cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el7cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el7cp.ppc64le.rpm
librbd-devel-14.2.8-115.el7cp.ppc64le.rpm
librbd1-14.2.8-115.el7cp.ppc64le.rpm
librgw-devel-14.2.8-115.el7cp.ppc64le.rpm
librgw2-14.2.8-115.el7cp.ppc64le.rpm
python-ceph-argparse-14.2.8-115.el7cp.ppc64le.rpm
python-cephfs-14.2.8-115.el7cp.ppc64le.rpm
python-rados-14.2.8-115.el7cp.ppc64le.rpm
python-rbd-14.2.8-115.el7cp.ppc64le.rpm
python-rgw-14.2.8-115.el7cp.ppc64le.rpm

x86_64:
ceph-base-14.2.8-115.el7cp.x86_64.rpm
ceph-common-14.2.8-115.el7cp.x86_64.rpm
ceph-debuginfo-14.2.8-115.el7cp.x86_64.rpm
ceph-mgr-14.2.8-115.el7cp.x86_64.rpm
ceph-mon-14.2.8-115.el7cp.x86_64.rpm
ceph-selinux-14.2.8-115.el7cp.x86_64.rpm
ceph-test-14.2.8-115.el7cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el7cp.x86_64.rpm
libcephfs2-14.2.8-115.el7cp.x86_64.rpm
librados-devel-14.2.8-115.el7cp.x86_64.rpm
librados2-14.2.8-115.el7cp.x86_64.rpm
libradospp-devel-14.2.8-115.el7cp.x86_64.rpm
libradosstriper1-14.2.8-115.el7cp.x86_64.rpm
librbd-devel-14.2.8-115.el7cp.x86_64.rpm
librbd1-14.2.8-115.el7cp.x86_64.rpm
librgw-devel-14.2.8-115.el7cp.x86_64.rpm
librgw2-14.2.8-115.el7cp.x86_64.rpm
python-ceph-argparse-14.2.8-115.el7cp.x86_64.rpm
python-cephfs-14.2.8-115.el7cp.x86_64.rpm
python-rados-14.2.8-115.el7cp.x86_64.rpm
python-rbd-14.2.8-115.el7cp.x86_64.rpm
python-rgw-14.2.8-115.el7cp.x86_64.rpm

Red Hat Ceph Storage 4.1 OSD:

Source:
ceph-14.2.8-115.el7cp.src.rpm

ppc64le:
ceph-base-14.2.8-115.el7cp.ppc64le.rpm
ceph-common-14.2.8-115.el7cp.ppc64le.rpm
ceph-debuginfo-14.2.8-115.el7cp.ppc64le.rpm
ceph-osd-14.2.8-115.el7cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el7cp.ppc64le.rpm
ceph-test-14.2.8-115.el7cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el7cp.ppc64le.rpm
libcephfs2-14.2.8-115.el7cp.ppc64le.rpm
librados-devel-14.2.8-115.el7cp.ppc64le.rpm
librados2-14.2.8-115.el7cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el7cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el7cp.ppc64le.rpm
librbd-devel-14.2.8-115.el7cp.ppc64le.rpm
librbd1-14.2.8-115.el7cp.ppc64le.rpm
librgw-devel-14.2.8-115.el7cp.ppc64le.rpm
librgw2-14.2.8-115.el7cp.ppc64le.rpm
python-ceph-argparse-14.2.8-115.el7cp.ppc64le.rpm
python-cephfs-14.2.8-115.el7cp.ppc64le.rpm
python-rados-14.2.8-115.el7cp.ppc64le.rpm
python-rbd-14.2.8-115.el7cp.ppc64le.rpm
python-rgw-14.2.8-115.el7cp.ppc64le.rpm

x86_64:
ceph-base-14.2.8-115.el7cp.x86_64.rpm
ceph-common-14.2.8-115.el7cp.x86_64.rpm
ceph-debuginfo-14.2.8-115.el7cp.x86_64.rpm
ceph-osd-14.2.8-115.el7cp.x86_64.rpm
ceph-selinux-14.2.8-115.el7cp.x86_64.rpm
ceph-test-14.2.8-115.el7cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el7cp.x86_64.rpm
libcephfs2-14.2.8-115.el7cp.x86_64.rpm
librados-devel-14.2.8-115.el7cp.x86_64.rpm
librados2-14.2.8-115.el7cp.x86_64.rpm
libradospp-devel-14.2.8-115.el7cp.x86_64.rpm
libradosstriper1-14.2.8-115.el7cp.x86_64.rpm
librbd-devel-14.2.8-115.el7cp.x86_64.rpm
librbd1-14.2.8-115.el7cp.x86_64.rpm
librgw-devel-14.2.8-115.el7cp.x86_64.rpm
librgw2-14.2.8-115.el7cp.x86_64.rpm
python-ceph-argparse-14.2.8-115.el7cp.x86_64.rpm
python-cephfs-14.2.8-115.el7cp.x86_64.rpm
python-rados-14.2.8-115.el7cp.x86_64.rpm
python-rbd-14.2.8-115.el7cp.x86_64.rpm
python-rgw-14.2.8-115.el7cp.x86_64.rpm

Red Hat Ceph Storage 4.1 Tools:

Source:
ceph-14.2.8-115.el7cp.src.rpm

noarch:
ceph-grafana-dashboards-14.2.8-115.el7cp.noarch.rpm

ppc64le:
ceph-base-14.2.8-115.el7cp.ppc64le.rpm
ceph-common-14.2.8-115.el7cp.ppc64le.rpm
ceph-debuginfo-14.2.8-115.el7cp.ppc64le.rpm
ceph-fuse-14.2.8-115.el7cp.ppc64le.rpm
ceph-mds-14.2.8-115.el7cp.ppc64le.rpm
ceph-radosgw-14.2.8-115.el7cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el7cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el7cp.ppc64le.rpm
libcephfs2-14.2.8-115.el7cp.ppc64le.rpm
librados-devel-14.2.8-115.el7cp.ppc64le.rpm
librados2-14.2.8-115.el7cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el7cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el7cp.ppc64le.rpm
librbd-devel-14.2.8-115.el7cp.ppc64le.rpm
librbd1-14.2.8-115.el7cp.ppc64le.rpm
librgw-devel-14.2.8-115.el7cp.ppc64le.rpm
librgw2-14.2.8-115.el7cp.ppc64le.rpm
python-ceph-argparse-14.2.8-115.el7cp.ppc64le.rpm
python-cephfs-14.2.8-115.el7cp.ppc64le.rpm
python-rados-14.2.8-115.el7cp.ppc64le.rpm
python-rbd-14.2.8-115.el7cp.ppc64le.rpm
python-rgw-14.2.8-115.el7cp.ppc64le.rpm
rbd-mirror-14.2.8-115.el7cp.ppc64le.rpm
rbd-nbd-14.2.8-115.el7cp.ppc64le.rpm

x86_64:
ceph-base-14.2.8-115.el7cp.x86_64.rpm
ceph-common-14.2.8-115.el7cp.x86_64.rpm
ceph-debuginfo-14.2.8-115.el7cp.x86_64.rpm
ceph-fuse-14.2.8-115.el7cp.x86_64.rpm
ceph-mds-14.2.8-115.el7cp.x86_64.rpm
ceph-radosgw-14.2.8-115.el7cp.x86_64.rpm
ceph-selinux-14.2.8-115.el7cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el7cp.x86_64.rpm
libcephfs2-14.2.8-115.el7cp.x86_64.rpm
librados-devel-14.2.8-115.el7cp.x86_64.rpm
librados2-14.2.8-115.el7cp.x86_64.rpm
libradospp-devel-14.2.8-115.el7cp.x86_64.rpm
libradosstriper1-14.2.8-115.el7cp.x86_64.rpm
librbd-devel-14.2.8-115.el7cp.x86_64.rpm
librbd1-14.2.8-115.el7cp.x86_64.rpm
librgw-devel-14.2.8-115.el7cp.x86_64.rpm
librgw2-14.2.8-115.el7cp.x86_64.rpm
python-ceph-argparse-14.2.8-115.el7cp.x86_64.rpm
python-cephfs-14.2.8-115.el7cp.x86_64.rpm
python-rados-14.2.8-115.el7cp.x86_64.rpm
python-rbd-14.2.8-115.el7cp.x86_64.rpm
python-rgw-14.2.8-115.el7cp.x86_64.rpm
rbd-mirror-14.2.8-115.el7cp.x86_64.rpm
rbd-nbd-14.2.8-115.el7cp.x86_64.rpm

Red Hat Ceph Storage 4.1 MON:

Source:
ceph-14.2.8-115.el8cp.src.rpm

noarch:
ceph-grafana-dashboards-14.2.8-115.el8cp.noarch.rpm
ceph-mgr-dashboard-14.2.8-115.el8cp.noarch.rpm
ceph-mgr-diskprediction-local-14.2.8-115.el8cp.noarch.rpm
ceph-mgr-k8sevents-14.2.8-115.el8cp.noarch.rpm
ceph-mgr-rook-14.2.8-115.el8cp.noarch.rpm

ppc64le:
ceph-base-14.2.8-115.el8cp.ppc64le.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-debugsource-14.2.8-115.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mgr-14.2.8-115.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mon-14.2.8-115.el8cp.ppc64le.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el8cp.ppc64le.rpm
ceph-test-14.2.8-115.el8cp.ppc64le.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados2-14.2.8-115.el8cp.ppc64le.rpm
librados2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librbd-devel-14.2.8-115.el8cp.ppc64le.rpm
librbd1-14.2.8-115.el8cp.ppc64le.rpm
librbd1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librgw-devel-14.2.8-115.el8cp.ppc64le.rpm
librgw2-14.2.8-115.el8cp.ppc64le.rpm
librgw2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-ceph-argparse-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm

s390x:
ceph-base-14.2.8-115.el8cp.s390x.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-common-14.2.8-115.el8cp.s390x.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-debugsource-14.2.8-115.el8cp.s390x.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mgr-14.2.8-115.el8cp.s390x.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mon-14.2.8-115.el8cp.s390x.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-selinux-14.2.8-115.el8cp.s390x.rpm
ceph-test-14.2.8-115.el8cp.s390x.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.s390x.rpm
libcephfs-devel-14.2.8-115.el8cp.s390x.rpm
libcephfs2-14.2.8-115.el8cp.s390x.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados-devel-14.2.8-115.el8cp.s390x.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados2-14.2.8-115.el8cp.s390x.rpm
librados2-debuginfo-14.2.8-115.el8cp.s390x.rpm
libradospp-devel-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librbd-devel-14.2.8-115.el8cp.s390x.rpm
librbd1-14.2.8-115.el8cp.s390x.rpm
librbd1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librgw-devel-14.2.8-115.el8cp.s390x.rpm
librgw2-14.2.8-115.el8cp.s390x.rpm
librgw2-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-ceph-argparse-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rados-14.2.8-115.el8cp.s390x.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rbd-14.2.8-115.el8cp.s390x.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rgw-14.2.8-115.el8cp.s390x.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.s390x.rpm

x86_64:
ceph-base-14.2.8-115.el8cp.x86_64.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-common-14.2.8-115.el8cp.x86_64.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-debugsource-14.2.8-115.el8cp.x86_64.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mgr-14.2.8-115.el8cp.x86_64.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mon-14.2.8-115.el8cp.x86_64.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-selinux-14.2.8-115.el8cp.x86_64.rpm
ceph-test-14.2.8-115.el8cp.x86_64.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados-devel-14.2.8-115.el8cp.x86_64.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados2-14.2.8-115.el8cp.x86_64.rpm
librados2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libradospp-devel-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librbd-devel-14.2.8-115.el8cp.x86_64.rpm
librbd1-14.2.8-115.el8cp.x86_64.rpm
librbd1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librgw-devel-14.2.8-115.el8cp.x86_64.rpm
librgw2-14.2.8-115.el8cp.x86_64.rpm
librgw2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-ceph-argparse-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rados-14.2.8-115.el8cp.x86_64.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm

Red Hat Ceph Storage 4.1 OSD:

Source:
ceph-14.2.8-115.el8cp.src.rpm

ppc64le:
ceph-base-14.2.8-115.el8cp.ppc64le.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-debugsource-14.2.8-115.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-osd-14.2.8-115.el8cp.ppc64le.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el8cp.ppc64le.rpm
ceph-test-14.2.8-115.el8cp.ppc64le.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados2-14.2.8-115.el8cp.ppc64le.rpm
librados2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librbd-devel-14.2.8-115.el8cp.ppc64le.rpm
librbd1-14.2.8-115.el8cp.ppc64le.rpm
librbd1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librgw-devel-14.2.8-115.el8cp.ppc64le.rpm
librgw2-14.2.8-115.el8cp.ppc64le.rpm
librgw2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-ceph-argparse-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm

s390x:
ceph-base-14.2.8-115.el8cp.s390x.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-common-14.2.8-115.el8cp.s390x.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-debugsource-14.2.8-115.el8cp.s390x.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-osd-14.2.8-115.el8cp.s390x.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-selinux-14.2.8-115.el8cp.s390x.rpm
ceph-test-14.2.8-115.el8cp.s390x.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.s390x.rpm
libcephfs-devel-14.2.8-115.el8cp.s390x.rpm
libcephfs2-14.2.8-115.el8cp.s390x.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados-devel-14.2.8-115.el8cp.s390x.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados2-14.2.8-115.el8cp.s390x.rpm
librados2-debuginfo-14.2.8-115.el8cp.s390x.rpm
libradospp-devel-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librbd-devel-14.2.8-115.el8cp.s390x.rpm
librbd1-14.2.8-115.el8cp.s390x.rpm
librbd1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librgw-devel-14.2.8-115.el8cp.s390x.rpm
librgw2-14.2.8-115.el8cp.s390x.rpm
librgw2-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-ceph-argparse-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rados-14.2.8-115.el8cp.s390x.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rbd-14.2.8-115.el8cp.s390x.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rgw-14.2.8-115.el8cp.s390x.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.s390x.rpm

x86_64:
ceph-base-14.2.8-115.el8cp.x86_64.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-common-14.2.8-115.el8cp.x86_64.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-debugsource-14.2.8-115.el8cp.x86_64.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-osd-14.2.8-115.el8cp.x86_64.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-selinux-14.2.8-115.el8cp.x86_64.rpm
ceph-test-14.2.8-115.el8cp.x86_64.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados-devel-14.2.8-115.el8cp.x86_64.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados2-14.2.8-115.el8cp.x86_64.rpm
librados2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libradospp-devel-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librbd-devel-14.2.8-115.el8cp.x86_64.rpm
librbd1-14.2.8-115.el8cp.x86_64.rpm
librbd1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librgw-devel-14.2.8-115.el8cp.x86_64.rpm
librgw2-14.2.8-115.el8cp.x86_64.rpm
librgw2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-ceph-argparse-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rados-14.2.8-115.el8cp.x86_64.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm

Red Hat Ceph Storage 4.1 Tools:

Source:
ceph-14.2.8-115.el8cp.src.rpm

noarch:
ceph-grafana-dashboards-14.2.8-115.el8cp.noarch.rpm

ppc64le:
ceph-base-14.2.8-115.el8cp.ppc64le.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-14.2.8-115.el8cp.ppc64le.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-debugsource-14.2.8-115.el8cp.ppc64le.rpm
ceph-fuse-14.2.8-115.el8cp.ppc64le.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mds-14.2.8-115.el8cp.ppc64le.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-radosgw-14.2.8-115.el8cp.ppc64le.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
ceph-selinux-14.2.8-115.el8cp.ppc64le.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libcephfs-devel-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-14.2.8-115.el8cp.ppc64le.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-14.2.8-115.el8cp.ppc64le.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librados2-14.2.8-115.el8cp.ppc64le.rpm
librados2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
libradospp-devel-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-14.2.8-115.el8cp.ppc64le.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librbd-devel-14.2.8-115.el8cp.ppc64le.rpm
librbd1-14.2.8-115.el8cp.ppc64le.rpm
librbd1-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
librgw-devel-14.2.8-115.el8cp.ppc64le.rpm
librgw2-14.2.8-115.el8cp.ppc64le.rpm
librgw2-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-ceph-argparse-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-14.2.8-115.el8cp.ppc64le.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-14.2.8-115.el8cp.ppc64le.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-14.2.8-115.el8cp.ppc64le.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-14.2.8-115.el8cp.ppc64le.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-mirror-14.2.8-115.el8cp.ppc64le.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.ppc64le.rpm
rbd-nbd-14.2.8-115.el8cp.ppc64le.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.ppc64le.rpm

s390x:
ceph-base-14.2.8-115.el8cp.s390x.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-common-14.2.8-115.el8cp.s390x.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-debugsource-14.2.8-115.el8cp.s390x.rpm
ceph-fuse-14.2.8-115.el8cp.s390x.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mds-14.2.8-115.el8cp.s390x.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-radosgw-14.2.8-115.el8cp.s390x.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
ceph-selinux-14.2.8-115.el8cp.s390x.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.s390x.rpm
libcephfs-devel-14.2.8-115.el8cp.s390x.rpm
libcephfs2-14.2.8-115.el8cp.s390x.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados-devel-14.2.8-115.el8cp.s390x.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.s390x.rpm
librados2-14.2.8-115.el8cp.s390x.rpm
librados2-debuginfo-14.2.8-115.el8cp.s390x.rpm
libradospp-devel-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-14.2.8-115.el8cp.s390x.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librbd-devel-14.2.8-115.el8cp.s390x.rpm
librbd1-14.2.8-115.el8cp.s390x.rpm
librbd1-debuginfo-14.2.8-115.el8cp.s390x.rpm
librgw-devel-14.2.8-115.el8cp.s390x.rpm
librgw2-14.2.8-115.el8cp.s390x.rpm
librgw2-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-ceph-argparse-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-14.2.8-115.el8cp.s390x.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rados-14.2.8-115.el8cp.s390x.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rbd-14.2.8-115.el8cp.s390x.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.s390x.rpm
python3-rgw-14.2.8-115.el8cp.s390x.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-mirror-14.2.8-115.el8cp.s390x.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.s390x.rpm
rbd-nbd-14.2.8-115.el8cp.s390x.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.s390x.rpm

x86_64:
ceph-base-14.2.8-115.el8cp.x86_64.rpm
ceph-base-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-common-14.2.8-115.el8cp.x86_64.rpm
ceph-common-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-debugsource-14.2.8-115.el8cp.x86_64.rpm
ceph-fuse-14.2.8-115.el8cp.x86_64.rpm
ceph-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mds-14.2.8-115.el8cp.x86_64.rpm
ceph-mds-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mgr-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-mon-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-osd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-radosgw-14.2.8-115.el8cp.x86_64.rpm
ceph-radosgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
ceph-selinux-14.2.8-115.el8cp.x86_64.rpm
ceph-test-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libcephfs-devel-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-14.2.8-115.el8cp.x86_64.rpm
libcephfs2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados-devel-14.2.8-115.el8cp.x86_64.rpm
librados-devel-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librados2-14.2.8-115.el8cp.x86_64.rpm
librados2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
libradospp-devel-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-14.2.8-115.el8cp.x86_64.rpm
libradosstriper1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librbd-devel-14.2.8-115.el8cp.x86_64.rpm
librbd1-14.2.8-115.el8cp.x86_64.rpm
librbd1-debuginfo-14.2.8-115.el8cp.x86_64.rpm
librgw-devel-14.2.8-115.el8cp.x86_64.rpm
librgw2-14.2.8-115.el8cp.x86_64.rpm
librgw2-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-ceph-argparse-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-14.2.8-115.el8cp.x86_64.rpm
python3-cephfs-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rados-14.2.8-115.el8cp.x86_64.rpm
python3-rados-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-14.2.8-115.el8cp.x86_64.rpm
python3-rbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-14.2.8-115.el8cp.x86_64.rpm
python3-rgw-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-fuse-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-mirror-14.2.8-115.el8cp.x86_64.rpm
rbd-mirror-debuginfo-14.2.8-115.el8cp.x86_64.rpm
rbd-nbd-14.2.8-115.el8cp.x86_64.rpm
rbd-nbd-debuginfo-14.2.8-115.el8cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25660
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce


Security vulnerabilities in the operating system kernel

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4660-1
December 03, 2020

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem,
linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oem: Linux kernel for OEM systems
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel
did not properly handle some edge cases in software scrollback. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2020-25211)

It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)

It was discovered that a race condition existed in the hugetlb sysctl
implementation in the Linux kernel. A privileged attacker could use this to
cause a denial of service (system crash). (CVE-2020-25285)

It was discovered that the block layer subsystem in the Linux kernel did
not properly handle zero-length requests. A local attacker could use this
to cause a denial of service. (CVE-2020-25641)

It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)

It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some
situations. An attacker could use this to expose sensitive information
(unencrypted network traffic). (CVE-2020-25645)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1059-oracle 4.15.0-1059.65
linux-image-4.15.0-1074-gke 4.15.0-1074.79
linux-image-4.15.0-1074-raspi2 4.15.0-1074.79
linux-image-4.15.0-1079-kvm 4.15.0-1079.81
linux-image-4.15.0-1088-aws 4.15.0-1088.93
linux-image-4.15.0-1088-gcp 4.15.0-1088.101
linux-image-4.15.0-1091-snapdragon 4.15.0-1091.100
linux-image-4.15.0-1100-azure 4.15.0-1100.111
linux-image-4.15.0-1103-oem 4.15.0-1103.114
linux-image-4.15.0-126-generic 4.15.0-126.129
linux-image-4.15.0-126-generic-lpae 4.15.0-126.129
linux-image-4.15.0-126-lowlatency 4.15.0-126.129
linux-image-aws-lts-18.04 4.15.0.1088.90
linux-image-azure-lts-18.04 4.15.0.1100.73
linux-image-gcp-lts-18.04 4.15.0.1088.106
linux-image-generic 4.15.0.126.113
linux-image-generic-lpae 4.15.0.126.113
linux-image-gke 4.15.0.1074.78
linux-image-gke-4.15 4.15.0.1074.78
linux-image-kvm 4.15.0.1079.75
linux-image-lowlatency 4.15.0.126.113
linux-image-oem 4.15.0.1103.107
linux-image-oracle-lts-18.04 4.15.0.1059.69
linux-image-powerpc-e500mc 4.15.0.126.113
linux-image-powerpc-smp 4.15.0.126.113
linux-image-powerpc64-emb 4.15.0.126.113
linux-image-powerpc64-smp 4.15.0.126.113
linux-image-raspi2 4.15.0.1074.71
linux-image-snapdragon 4.15.0.1091.94
linux-image-virtual 4.15.0.126.113

Ubuntu 16.04 LTS:
linux-image-4.15.0-1059-oracle 4.15.0-1059.65~16.04.1
linux-image-4.15.0-1088-aws 4.15.0-1088.93~16.04.1
linux-image-4.15.0-1088-gcp 4.15.0-1088.101~16.04.1
linux-image-4.15.0-1100-azure 4.15.0-1100.111~16.04.1
linux-image-4.15.0-126-generic 4.15.0-126.129~16.04.1
linux-image-4.15.0-126-generic-lpae 4.15.0-126.129~16.04.1
linux-image-4.15.0-126-lowlatency 4.15.0-126.129~16.04.1
linux-image-aws-hwe 4.15.0.1088.82
linux-image-azure 4.15.0.1100.93
linux-image-azure-edge 4.15.0.1100.93
linux-image-gcp 4.15.0.1088.89
linux-image-generic-hwe-16.04 4.15.0.126.125
linux-image-generic-lpae-hwe-16.04 4.15.0.126.125
linux-image-gke 4.15.0.1088.89
linux-image-lowlatency-hwe-16.04 4.15.0.126.125
linux-image-oem 4.15.0.126.125
linux-image-oracle 4.15.0.1059.48
linux-image-virtual-hwe-16.04 4.15.0.126.125

Ubuntu 14.04 ESM:
linux-image-4.15.0-1100-azure 4.15.0-1100.111~14.04.1
linux-image-azure 4.15.0.1100.75

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4660-1
CVE-2020-14351, CVE-2020-14390, CVE-2020-25211, CVE-2020-25284,
CVE-2020-25285, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645,
CVE-2020-28915, CVE-2020-4788

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-126.129
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1088.93
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1100.111
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1088.101
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1074.79
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1079.81
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1103.114
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1059.65
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1074.79
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1091.100
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1088.93~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1100.111~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1088.101~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-126.129~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1059.65~16.04.1


Security vulnerabilities in the xorg server software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for xorg-x11-server
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2147-1
Rating: important
References: #1174908 #1177596
Cross-References: CVE-2020-14360 CVE-2020-25712
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for xorg-x11-server fixes the following issues:

– CVE-2020-25712: Fixed a heap-based buffer overflow which could have led
to privilege escalation (bsc#1177596).
– CVE-2020-14360: Fixed out-of-bounds memory accesses on too-short
requests which could lead to denial of service (bsc#1174908).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2147=1

Package List:

– openSUSE Leap 15.2 (i586 x86_64):

xorg-x11-server-1.20.3-lp152.8.12.1
xorg-x11-server-debuginfo-1.20.3-lp152.8.12.1
xorg-x11-server-debugsource-1.20.3-lp152.8.12.1
xorg-x11-server-extra-1.20.3-lp152.8.12.1
xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.12.1
xorg-x11-server-sdk-1.20.3-lp152.8.12.1
xorg-x11-server-source-1.20.3-lp152.8.12.1
xorg-x11-server-wayland-1.20.3-lp152.8.12.1
xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.12.1

References:

https://www.suse.com/security/cve/CVE-2020-14360.html
https://www.suse.com/security/cve/CVE-2020-25712.html
https://bugzilla.suse.com/1174908
https://bugzilla.suse.com/1177596

Security vulnerabilities in the postgresql12 software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LRH


=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-postgresql12-postgresql security update
Advisory ID: RHSA-2020:5317-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5317
Issue date: 2020-12-02
CVE Names: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696
=====================================================================

1. Summary:

An update for rh-postgresql12-postgresql is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

The following packages have been upgraded to a later upstream version:
rh-postgresql12-postgresql (12.5).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)

* postgresql: Multiple features escape “security restricted operation”
sandbox (CVE-2020-25695)

* postgresql: psql’s \gset allows overwriting specially treated variables
(CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1894423 – CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings
1894425 – CVE-2020-25695 postgresql: Multiple features escape “security restricted operation” sandbox
1894430 – CVE-2020-25696 postgresql: psql’s \gset allows overwriting specially treated variables

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql12-postgresql-12.5-1.el7.src.rpm

x86_64:
rh-postgresql12-postgresql-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.5-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.5-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25695
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.


=====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-postgresql10-postgresql security update
Advisory ID: RHSA-2020:5316-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5316
Issue date: 2020-12-02
CVE Names: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696
=====================================================================

1. Summary:

An update for rh-postgresql10-postgresql is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) – ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) – x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

The following packages have been upgraded to a later upstream version:
rh-postgresql10-postgresql (10.15).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings
(CVE-2020-25694)

* postgresql: Multiple features escape “security restricted operation”
sandbox (CVE-2020-25695)

* postgresql: psql’s \gset allows overwriting specially treated variables
(CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1894423 – CVE-2020-25694 postgresql: Reconnection can downgrade connection security settings
1894425 – CVE-2020-25695 postgresql: Multiple features escape “security restricted operation” sandbox
1894430 – CVE-2020-25696 postgresql: psql’s \gset allows overwriting specially treated variables

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql10-postgresql-10.15-1.el7.src.rpm

ppc64le:
rh-postgresql10-postgresql-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.ppc64le.rpm

s390x:
rh-postgresql10-postgresql-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.s390x.rpm

x86_64:
rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-postgresql10-postgresql-10.15-1.el7.src.rpm

ppc64le:
rh-postgresql10-postgresql-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.ppc64le.rpm

s390x:
rh-postgresql10-postgresql-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.s390x.rpm

x86_64:
rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-postgresql10-postgresql-10.15-1.el7.src.rpm

ppc64le:
rh-postgresql10-postgresql-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.ppc64le.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.ppc64le.rpm

s390x:
rh-postgresql10-postgresql-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.s390x.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.s390x.rpm

x86_64:
rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql10-postgresql-10.15-1.el7.src.rpm

x86_64:
rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-debuginfo-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm
rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-25694
https://access.redhat.com/security/cve/CVE-2020-25695
https://access.redhat.com/security/cve/CVE-2020-25696
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Security vulnerabilities in the php pear software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-f351eb14e3
2020-12-02 10:39:54.177827
——————————————————————————–

Name : php-pear
Product : Fedora 33
Version : 1.10.12
Release : 4.fc33
URL : http://pear.php.net/package/PEAR
Summary : PHP Extension and Application Repository framework
Description :
PEAR is a framework and distribution system for reusable PHP
components. This package contains the basic PEAR components.

——————————————————————————–
Update Information:

* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 /
CVE-2020-28949) [mrook]
——————————————————————————–
ChangeLog:

* Mon Nov 23 2020 Remi Collet <remi@remirepo.net> – 1:1.10.12-4
– update Archive_Tar to 1.4.11
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f351eb14e3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-5271a896ff
2020-12-02 10:39:53.044367
——————————————————————————–

Name : php-pear
Product : Fedora 32
Version : 1.10.12
Release : 4.fc32
URL : http://pear.php.net/package/PEAR
Summary : PHP Extension and Application Repository framework
Description :
PEAR is a framework and distribution system for reusable PHP
components. This package contains the basic PEAR components.

——————————————————————————–
Update Information:

* Fix Bug #27002: Filename manipulation vulnerabilities (CVE-2020-28948 /
CVE-2020-28949) [mrook]
——————————————————————————–
ChangeLog:

* Mon Nov 23 2020 Remi Collet <remi@remirepo.net> – 1:1.10.12-4
– update Archive_Tar to 1.4.11
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5271a896ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Security vulnerability in the perl Convert ASN1 software package

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-d8bc3a9874
2020-12-02 10:39:53.044515
——————————————————————————–

Name : perl-Convert-ASN1
Product : Fedora 32
Version : 0.27
Release : 19.fc32
URL : https://metacpan.org/release/Convert-ASN1
Summary : ASN.1 encode/decode library
Description :
Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules.

——————————————————————————–
Update Information:

Security fix for CVE-2013-7488
——————————————————————————–
ChangeLog:

* Mon Nov 23 2020 Jitka Plesnikova <jplesnik@redhat.com> – 0.27-19
– Fix unsafe decoding in indef case (CVE-2013-7488)
——————————————————————————–
References:

[ 1 ] Bug #1821879 – CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input
https://bugzilla.redhat.com/show_bug.cgi?id=1821879
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d8bc3a9874' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Security vulnerabilities in the operating system kernel

Fri, 2020-12-04 14:52
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4657-1
December 02, 2020

linux, linux-aws, linux-azure, linux-kvm, linux-lts-trusty, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-kvm: Linux kernel for cloud environments
– linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
– linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
– linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Elena Petrova discovered that the pin controller device tree implementation
in the Linux kernel did not properly handle string references. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-0427)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux
kernel did not properly initialize memory in some situations. A physically
proximate remote attacker could use this to expose sensitive information
(kernel memory). (CVE-2020-12352)

It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel
did not properly handle some edge cases in software scrollback. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2020-25211)

It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)

It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)

It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some
situations. An attacker could use this to expose sensitive information
(unencrypted network traffic). (CVE-2020-25645)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP-based services that depend on source port
randomization. (CVE-2020-25705)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1084-kvm 4.4.0-1084.93
linux-image-4.4.0-1118-aws 4.4.0-1118.132
linux-image-4.4.0-1142-raspi2 4.4.0-1142.152
linux-image-4.4.0-1146-snapdragon 4.4.0-1146.156
linux-image-4.4.0-197-generic 4.4.0-197.229
linux-image-4.4.0-197-generic-lpae 4.4.0-197.229
linux-image-4.4.0-197-lowlatency 4.4.0-197.229
linux-image-4.4.0-197-powerpc-e500mc 4.4.0-197.229
linux-image-4.4.0-197-powerpc-smp 4.4.0-197.229
linux-image-4.4.0-197-powerpc64-emb 4.4.0-197.229
linux-image-4.4.0-197-powerpc64-smp 4.4.0-197.229
linux-image-aws 4.4.0.1118.123
linux-image-generic 4.4.0.197.203
linux-image-generic-lpae 4.4.0.197.203
linux-image-kvm 4.4.0.1084.82
linux-image-lowlatency 4.4.0.197.203
linux-image-powerpc-e500mc 4.4.0.197.203
linux-image-powerpc-smp 4.4.0.197.203
linux-image-powerpc64-emb 4.4.0.197.203
linux-image-powerpc64-smp 4.4.0.197.203
linux-image-raspi2 4.4.0.1142.142
linux-image-snapdragon 4.4.0.1146.138
linux-image-virtual 4.4.0.197.203

Ubuntu 14.04 ESM:
linux-image-4.4.0-1082-aws 4.4.0-1082.86
linux-image-4.4.0-197-generic 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-generic-lpae 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-lowlatency 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-powerpc-e500mc 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-powerpc-smp 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-powerpc64-emb 4.4.0-197.229~14.04.1
linux-image-4.4.0-197-powerpc64-smp 4.4.0-197.229~14.04.1
linux-image-aws 4.4.0.1082.79
linux-image-generic-lpae-lts-xenial 4.4.0.197.172
linux-image-generic-lts-xenial 4.4.0.197.172
linux-image-lowlatency-lts-xenial 4.4.0.197.172
linux-image-powerpc-e500mc-lts-xenial 4.4.0.197.172
linux-image-powerpc-smp-lts-xenial 4.4.0.197.172
linux-image-powerpc64-emb-lts-xenial 4.4.0.197.172
linux-image-powerpc64-smp-lts-xenial 4.4.0.197.172
linux-image-virtual-lts-xenial 4.4.0.197.172

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4657-1
CVE-2020-0427, CVE-2020-10135, CVE-2020-12352, CVE-2020-14351,
CVE-2020-14390, CVE-2020-25211, CVE-2020-25284, CVE-2020-25643,
CVE-2020-25645, CVE-2020-25705, CVE-2020-28915, CVE-2020-4788

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-197.229
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1118.132
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1084.93
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1142.152
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1146.156


ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4659-1
December 02, 2020

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle,
linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-raspi: Linux kernel for Raspberry Pi (V8) systems

Details:

It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP-based services that depend on source port
randomization. (CVE-2020-25705)

It was discovered that the KVM hypervisor in the Linux kernel did not
properly handle interrupts in certain situations. A local attacker in a
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2020-27152)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
linux-image-5.8.0-1008-raspi 5.8.0-1008.11
linux-image-5.8.0-1008-raspi-nolpae 5.8.0-1008.11
linux-image-5.8.0-1011-kvm 5.8.0-1011.12
linux-image-5.8.0-1011-oracle 5.8.0-1011.11
linux-image-5.8.0-1012-gcp 5.8.0-1012.12
linux-image-5.8.0-1013-azure 5.8.0-1013.14
linux-image-5.8.0-1014-aws 5.8.0-1014.15
linux-image-5.8.0-31-generic 5.8.0-31.33
linux-image-5.8.0-31-generic-64k 5.8.0-31.33
linux-image-5.8.0-31-generic-lpae 5.8.0-31.33
linux-image-5.8.0-31-lowlatency 5.8.0-31.33
linux-image-aws 5.8.0.1014.16
linux-image-azure 5.8.0.1013.13
linux-image-gcp 5.8.0.1012.12
linux-image-generic 5.8.0.31.36
linux-image-generic-64k 5.8.0.31.36
linux-image-generic-lpae 5.8.0.31.36
linux-image-gke 5.8.0.1012.12
linux-image-kvm 5.8.0.1011.12
linux-image-lowlatency 5.8.0.31.36
linux-image-oem-20.04 5.8.0.31.36
linux-image-oracle 5.8.0.1011.11
linux-image-raspi 5.8.0.1008.11
linux-image-raspi-nolpae 5.8.0.1008.11
linux-image-virtual 5.8.0.31.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4659-1
CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-25705,
CVE-2020-27152, CVE-2020-28915, CVE-2020-4788

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-31.33
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1014.15
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1013.14
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1012.12
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1011.12
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1008.11


==========================================================================
Ubuntu Security Notice USN-4658-1
December 02, 2020

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
– linux: Linux kernel
– linux-aws: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure: Linux kernel for Microsoft Azure Cloud systems
– linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
– linux-kvm: Linux kernel for cloud environments
– linux-oracle: Linux kernel for Oracle Cloud systems
– linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
– linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
– linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
– linux-hwe-5.4: Linux hardware enablement (HWE) kernel
– linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

It was discovered that a race condition existed in the binder IPC
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2020-0423)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)

It was discovered that a race condition existed in the perf subsystem of
the Linux kernel, leading to a use-after-free vulnerability. An attacker
with access to the perf subsystem could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)

It was discovered that the frame buffer implementation in the Linux kernel
did not properly handle some edge cases in software scrollback. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-14390)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform bounds checking in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2020-25211)

It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)

It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)

It was discovered that the GENEVE tunnel implementation in the Linux kernel
when combined with IPSec did not properly select IP routes in some
situations. An attacker could use this to expose sensitive information
(unencrypted network traffic). (CVE-2020-25645)

Keyu Man discovered that the ICMP global rate limiter in the Linux kernel
could be used to assist in scanning open UDP ports. A remote attacker could
use this to facilitate attacks on UDP based services that depend on source port
randomization. (CVE-2020-25705)

It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)

It was discovered that Power 9 processors could be coerced to expose
information from the L1 cache in certain situations. A local attacker could
use this to expose sensitive information. (CVE-2020-4788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.4.0-1028-kvm 5.4.0-1028.29
linux-image-5.4.0-1030-aws 5.4.0-1030.31
linux-image-5.4.0-1030-gcp 5.4.0-1030.32
linux-image-5.4.0-1030-oracle 5.4.0-1030.32
linux-image-5.4.0-1032-azure 5.4.0-1032.33
linux-image-5.4.0-56-generic 5.4.0-56.62
linux-image-5.4.0-56-generic-lpae 5.4.0-56.62
linux-image-5.4.0-56-lowlatency 5.4.0-56.62
linux-image-aws 5.4.0.1030.31
linux-image-azure 5.4.0.1032.30
linux-image-gcp 5.4.0.1030.38
linux-image-generic 5.4.0.56.59
linux-image-generic-hwe-20.04 5.4.0.56.59
linux-image-generic-lpae 5.4.0.56.59
linux-image-generic-lpae-hwe-20.04 5.4.0.56.59
linux-image-gke 5.4.0.1030.38
linux-image-kvm 5.4.0.1028.26
linux-image-lowlatency 5.4.0.56.59
linux-image-lowlatency-hwe-20.04 5.4.0.56.59
linux-image-oem 5.4.0.56.59
linux-image-oem-osp1 5.4.0.56.59
linux-image-oracle 5.4.0.1030.27
linux-image-virtual 5.4.0.56.59
linux-image-virtual-hwe-20.04 5.4.0.56.59

Ubuntu 18.04 LTS:
linux-image-5.4.0-1030-aws 5.4.0-1030.31~18.04.1
linux-image-5.4.0-1030-gcp 5.4.0-1030.32~18.04.1
linux-image-5.4.0-1030-oracle 5.4.0-1030.32~18.04.1
linux-image-5.4.0-1032-azure 5.4.0-1032.33~18.04.1
linux-image-5.4.0-56-generic 5.4.0-56.62~18.04.1
linux-image-5.4.0-56-generic-lpae 5.4.0-56.62~18.04.1
linux-image-5.4.0-56-lowlatency 5.4.0-56.62~18.04.1
linux-image-aws 5.4.0.1030.15
linux-image-azure 5.4.0.1032.14
linux-image-gcp 5.4.0.1030.18
linux-image-generic-hwe-18.04 5.4.0.56.62~18.04.50
linux-image-generic-lpae-hwe-18.04 5.4.0.56.62~18.04.50
linux-image-lowlatency-hwe-18.04 5.4.0.56.62~18.04.50
linux-image-oem-osp1 5.4.0.56.62~18.04.50
linux-image-oracle 5.4.0.1030.14
linux-image-snapdragon-hwe-18.04 5.4.0.56.62~18.04.50
linux-image-virtual-hwe-18.04 5.4.0.56.62~18.04.50

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4658-1
CVE-2020-0423, CVE-2020-10135, CVE-2020-14351, CVE-2020-14390,
CVE-2020-25211, CVE-2020-25284, CVE-2020-25643, CVE-2020-25645,
CVE-2020-25705, CVE-2020-28915, CVE-2020-4788

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-56.62
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1030.31
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1032.33
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1030.32
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1028.29
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1030.32
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1030.31~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1032.33~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1030.32~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-56.62~18.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1030.32~18.04.1

The post Security vulnerabilities in the operating system kernel appeared first on CERT.hr.

Security vulnerabilities in the poppler software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4646-1
November 25, 2020

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in poppler.

Software Description:
– poppler: PDF rendering library

Details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.11
poppler-utils 0.62.0-2ubuntu2.11

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.15
poppler-utils 0.41.0-0ubuntu1.15

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-1
CVE-2018-21009, CVE-2019-10871, CVE-2019-13283, CVE-2019-9959,
CVE-2020-27778

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.11
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.15

==========================================================================
Ubuntu Security Notice USN-4646-2
November 26, 2020

poppler regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

USN-4646-1 introduced a regression in poppler.

Software Description:
– poppler: PDF rendering library

Details:

USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871
introduced a regression causing certain applications linked against poppler
to fail. This update backs out the fix pending further investigation.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.12
poppler-utils 0.62.0-2ubuntu2.12

Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.16
poppler-utils 0.41.0-0ubuntu1.16

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4646-2
https://usn.ubuntu.com/4646-1
https://launchpad.net/bugs/1905741

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.12
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.16

The post Security vulnerabilities in the poppler software package appeared first on CERT.hr.

Security vulnerability in the libxml2 software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-b6aaf25741
2020-11-27 01:11:05.570018
——————————————————————————–

Name : libxml2
Product : Fedora 32
Version : 2.9.10
Release : 8.fc32
URL : http://xmlsoft.org/
Summary : Library providing XML and HTML support
Description :
This library allows you to manipulate XML files. It includes support
to read, modify and write XML and HTML files. There is DTD support;
this includes parsing and validation even with complex DTDs, either
at parse time or later once the document has been modified. The output
can be a simple SAX stream or an in-memory DOM-like representation.
In this case one can use the built-in XPath and XPointer implementation
to select sub nodes or ranges. A flexible Input/Output mechanism is
available, with existing HTTP and FTP modules and combined to a
URI library.

——————————————————————————–
Update Information:

Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.
——————————————————————————–
ChangeLog:

* Wed Nov 11 2020 Richard W.M. Jones <rjones@redhat.com> – 2.9.10-8
– Add correct fix for CVE-2020-24977 (RHBZ#1877788), thanks: Jan de Groot.
——————————————————————————–
References:

[ 1 ] Bug #1877788 – CVE-2020-24977 libxml2: Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c
https://bugzilla.redhat.com/show_bug.cgi?id=1877788
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-b6aaf25741' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

The post Security vulnerability in the libxml2 software package appeared first on CERT.hr.

Security vulnerabilities in the go software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for go1.14
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2047-1
Rating: moderate
References: #1164903 #1178750 #1178752 #1178753
Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367

Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for go1.14 fixes the following issues:

– go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go
and math/big packages.
* go#42553 math/big: panic during recursive division of very large
numbers (bsc#1178750 CVE-2020-28362)
* go#42560 cmd/go: arbitrary code can be injected into cgo generated
files (bsc#1178752 CVE-2020-28367)
* go#42557 cmd/go: improper validation of cgo flags can lead to remote
code execution at build time (bsc#1178753 CVE-2020-28366)
* go#42155 time: Location interprets wrong timezone (DST) with slim
zoneinfo
* go#42112 x/net/http2: the first write error on a connection will cause
all subsequent write requests to fail blindly
* go#41991 runtime: macOS-only segfault on 1.14+ with “split stack
overflow”
* go#41913 net/http: request.Clone doesn’t deep copy TransferEncoding
* go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption
signal
* go#41386 x/net/http2: connection-level flow control not returned if
stream errors, causes server hang

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2047=1

Package List:

– openSUSE Leap 15.1 (x86_64):

go1.14-1.14.12-lp151.22.1
go1.14-doc-1.14.12-lp151.22.1
go1.14-race-1.14.12-lp151.22.1

References:

https://www.suse.com/security/cve/CVE-2020-28362.html
https://www.suse.com/security/cve/CVE-2020-28366.html
https://www.suse.com/security/cve/CVE-2020-28367.html
https://bugzilla.suse.com/1164903
https://bugzilla.suse.com/1178750
https://bugzilla.suse.com/1178752
https://bugzilla.suse.com/1178753
_______________________________________________
openSUSE Security Announce mailing list — security-announce@lists.opensuse.org
To unsubscribe, email security-announce-leave@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org

The post Security vulnerabilities in the go software package appeared first on CERT.hr.

Security vulnerability in the swtpm software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2020-00d28cf56b
2020-11-27 01:20:50.552915
——————————————————————————–

Name : swtpm
Product : Fedora 33
Version : 0.5.1
Release : 2.20201117git96f5a04.fc33
URL : http://github.com/stefanberger/swtpm
Summary : TPM Emulator
Description :
TPM emulator built on libtpms providing TPM functionality for QEMU VMs

——————————————————————————–
Update Information:

Another build of v0.5.1 after more fixes
——————————————————————————–
ChangeLog:

* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> – 0.5.1-2.20201117git96f5a04c
– Another build of v0.5.1 after more fixes
* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> – 0.5.1-1.20201113git390f5bd4
– Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407)
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-00d28cf56b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
——————————————————————————–
Fedora Update Notification
FEDORA-2020-c707fcb91f
2020-11-27 01:11:05.570183
——————————————————————————–

Name : swtpm
Product : Fedora 32
Version : 0.5.1
Release : 2.20201117git96f5a04.fc32
URL : http://github.com/stefanberger/swtpm
Summary : TPM Emulator
Description :
TPM emulator built on libtpms providing TPM functionality for QEMU VMs

——————————————————————————–
Update Information:

Another build of v0.5.1 after more fixes
——————————————————————————–
ChangeLog:

* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> – 0.5.1-2.20201117git96f5a04c
– Another build of v0.5.1 after more fixes
* Fri Nov 13 2020 Stefan Berger <stefanb@linux.ibm.com> – 0.5.1-1.20201113git390f5bd4
– Update to v0.5.1 addressing potential symlink attack issue (CVE-2020-28407)
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c707fcb91f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
The post Security vulnerability in the swtpm software package appeared first on CERT.hr.

Security vulnerabilities in the openjdk software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2048-1
Rating: moderate
References: #1174157 #1177943
Cross-References: CVE-2020-14556 CVE-2020-14577 CVE-2020-14578
CVE-2020-14579 CVE-2020-14581 CVE-2020-14583
CVE-2020-14593 CVE-2020-14621 CVE-2020-14779
CVE-2020-14781 CVE-2020-14782 CVE-2020-14792
CVE-2020-14796 CVE-2020-14797 CVE-2020-14798
CVE-2020-14803
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

– Fix regression “8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)”,
introduced in October 2020 CPU.

– Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157,
and October 2020 CPU, bsc#1177943)
* New features
+ JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
+ PR3796: Allow the number of curves supported to be specified
* Security fixes
+ JDK-8028431, CVE-2020-14579: NullPointerException in
DerValue.equals(DerValue)
+ JDK-8028591, CVE-2020-14578: NegativeArraySizeException in
sun.security.util.DerInputStream.getUnalignedBitString()
+ JDK-8230613: Better ASCII conversions
+ JDK-8231800: Better listing of arrays
+ JDK-8232014: Expand DTD support
+ JDK-8233255: Better Swing Buttons
+ JDK-8233624: Enhance JNI linkage
+ JDK-8234032: Improve basic calendar services
+ JDK-8234042: Better factory production of certificates
+ JDK-8234418: Better parsing with CertificateFactory
+ JDK-8234836: Improve serialization handling
+ JDK-8236191: Enhance OID processing
+ JDK-8236196: Improve string pooling
+ JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+ JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
+ JDK-8237592, CVE-2020-14577: Enhance certificate verification
+ JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+ JDK-8237995, CVE-2020-14782: Enhance certificate processing
+ JDK-8238002, CVE-2020-14581: Better matrix operations
+ JDK-8238804: Enhance key handling process
+ JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
+ JDK-8238843: Enhanced font handing
+ JDK-8238920, CVE-2020-14583: Better Buffer support
+ JDK-8238925: Enhance WAV file playback
+ JDK-8240119, CVE-2020-14593: Less Affine Transformations
+ JDK-8240124: Better VM Interning
+ JDK-8240482: Improved WAV file playback
+ JDK-8241114, CVE-2020-14792: Better range handling
+ JDK-8241379: Update JCEKS support
+ JDK-8241522: Manifest improved jar headers redux
+ JDK-8242136, CVE-2020-14621: Better XML namespace handling
+ JDK-8242680, CVE-2020-14796: Improved URI Support
+ JDK-8242685, CVE-2020-14797: Better Path Validation
+ JDK-8242695, CVE-2020-14798: Enhanced buffer support
+ JDK-8243302: Advanced class supports
+ JDK-8244136, CVE-2020-14803: Improved Buffer supports
+ JDK-8244479: Further constrain certificates
+ JDK-8244955: Additional Fix for JDK-8240124
+ JDK-8245407: Enhance zoning of times
+ JDK-8245412: Better class definitions
+ JDK-8245417: Improve certificate chain handling
+ JDK-8248574: Improve jpeg processing
+ JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+ JDK-8253019: Enhanced JPEG decoding
* Import of OpenJDK 8 u262 build 01
+ JDK-4949105: Access Bridge lacks html tags parsing
+ JDK-8003209: JFR events for network utilization
+ JDK-8030680: 292 cleanup from default method code assessment
+ JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and
some tests failed on windows intermittently
+ JDK-8041626: Shutdown tracing event
+ JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
+ JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN
coordinates
+ JDK-8151582: (ch) test java/nio/channels/
/AsyncCloseAndInterrupt.java failing due to “Connection succeeded”
+ JDK-8165675: Trace event for thread park has incorrect unit for
timeout
+ JDK-8176182: 4 security tests are not run
+ JDK-8178910: Problemlist sample tests
+ JDK-8183925: Decouple crash protection from watcher thread
+ JDK-8191393: Random crashes during cfree+0x1c
+ JDK-8195817: JFR.stop should require name of recording
+ JDK-8195818: JFR.start should increase autogenerated name by
one
+ JDK-8195819: Remove recording=x from jcmd JFR.check output
+ JDK-8199712: Flight Recorder
+ JDK-8202578: Revisit location for class unload events
+ JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing
events
+ JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
+ JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
+ JDK-8203664: JFR start failure after AppCDS archive created with JFR
StartFlightRecording
+ JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
+ JDK-8203929: Limit amount of data for JFR.dump
+ JDK-8205516: JFR tool
+ JDK-8207392: [PPC64] Implement JFR profiling
+ JDK-8207829: FlightRecorderMXBeanImpl is leaking the first
classloader which calls it
+ JDK-8209960: -Xlog:jfr* doesn’t work with the JFR
+ JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
+ JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
+ JDK-8211239: Build fails without JFR: empty JFR events signatures
mismatch
+ JDK-8212232: Wrong metadata for the configuration of the cutoff for
old object sample events
+ JDK-8213015: Inconsistent settings between JFR.configure and
-XX:FlightRecorderOptions
+ JDK-8213421: Line number information for execution samples always 0
+ JDK-8213617: JFR should record the PID of the recorded process
+ JDK-8213734: SAXParser.parse(File, ..) does not close resources when
Exception occurs.
+ JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
+ JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
+ JDK-8213966: The ZGC JFR events should be marked as experimental
+ JDK-8214542: JFR: Old Object Sample event slow on a deep heap in
debug builds
+ JDK-8214750: Unnecessary <p> tags in jfr classes
+ JDK-8214896: JFR Tool left files behind
+ JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with
UnsatisfiedLinkError
+ JDK-8214925: JFR tool fails to execute
+ JDK-8215175: Inconsistencies in JFR event metadata
+ JDK-8215237: jdk.jfr.Recording javadoc does not compile
+ JDK-8215284: Reduce noise induced by periodic task getFileSize()
+ JDK-8215355: Object monitor deadlock with no threads holding the
monitor (using jemalloc 5.1)
+ JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
+ JDK-8215771: The jfr tool should pretty print reference chains
+ JDK-8216064: -XX:StartFlightRecording:settings= doesn’t work properly
+ JDK-8216486: Possibility of integer overflow in
JfrThreadSampler::run()
+ JDK-8216528: test/jdk/java/rmi/transport/
/runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java
failing with Xcomp
+ JDK-8216559: [JFR] Native libraries not correctly parsed from
/proc/self/maps
+ JDK-8216578: Remove unused/obsolete method in JFR code
+ JDK-8216995: Clean up JFR command line processing
+ JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems
due to process surviving SIGINT
+ JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR
TestShutdownEvent
+ JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
+ JDK-8223147: JFR Backport
+ JDK-8223689: Add JFR Thread Sampling Support
+ JDK-8223690: Add JFR BiasedLock Event Support
+ JDK-8223691: Add JFR G1 Region Type Change Event Support
+ JDK-8223692: Add JFR G1 Heap Summary Event Support
+ JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
+ JDK-8224475: JTextPane does not show images in HTML rendering
+ JDK-8226253: JAWS reports wrong number of radio buttons when buttons
are hidden.
+ JDK-8226779: [TESTBUG] Test JFR API from Java agent
+ JDK-8226892: ActionListeners on JRadioButtons don’t get notified
when selection is changed with arrow keys
+ JDK-8227011: Starting a JFR recording in response to JVMTI VMInit
and / or Java agent premain corrupts memory
+ JDK-8227605: Kitchensink fails “assert((((klass)->trace_id() &
(JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed:
invariant”
+ JDK-8229366: JFR backport allows unchecked writing to memory
+ JDK-8229401: Fix JFR code cache test failures
+ JDK-8229708: JFR backport code does not initialize
+ JDK-8229873: 8229401 broke jdk8u-jfr-incubator
+ JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
+ JDK-8230707: JFR related tests are failing
+ JDK-8230782: Robot.createScreenCapture() fails if “awt.robot.gtk” is
set to false
+ JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix
misses ReleaseStringUTFChars in early return
+ JDK-8230947: TestLookForUntestedEvents.java is failing after
JDK-8230707
+ JDK-8231995: two jtreg tests failed after 8229366 is fixed
+ JDK-8233623: Add classpath exception to copyright in
EventHandlerProxyCreator.java file
+ JDK-8236002: CSR for JFR backport suggests not leaving out the
package-info
+ JDK-8236008: Some backup files were accidentally left in the hotspot
tree
+ JDK-8236074: Missed package-info
+ JDK-8236174: Should update javadoc since tags
+ JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
+ JDK-8238452: Keytool generates wrong expiration date if validity is
set to 2050/01/01
+ JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there
are external FIPS modules in the NSSDB
+ JDK-8238589: Necessary code cleanup in JFR for JDK8u
+ JDK-8238590: Enable JFR by default during compilation in 8u
+ JDK-8239055: Wrong implementation of VMState.hasListener
+ JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
+ JDK-8239479: minimal1 and zero builds are failing
+ JDK-8239867: correct over use of INCLUDE_JFR macro
+ JDK-8240375: Disable JFR by default for July 2020 release
+ JDK-8241444: Metaspace::_class_vsm not initialized if compressed
class pointers are disabled
+ JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR
Backport)
+ JDK-8242788: Non-PCH build is broken after JDK-8191393
* Import of OpenJDK 8 u262 build 02
+ JDK-8130737: AffineTransformOp can’t handle child raster with
non-zero x-offset
+ JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in
java/awt/image/Raster/TestChildRasterOp.java
+ JDK-8230926: [macosx] Two apostrophes are entered instead of
one with “U.S. International – PC” layout
+ JDK-8240576: JVM crashes after transformation in C2
IdealLoopTree::merge_many_backedges
+ JDK-8242883: Incomplete backport of JDK-8078268: backport test part
* Import of OpenJDK 8 u262 build 03
+ JDK-8037866: Replace the Fun class in tests with lambdas
+ JDK-8146612: C2: Precedence edges specification violated
+ JDK-8150986: serviceability/sa/jmap-hprof/
/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA
PROFILE 1.0.1 file format
+ JDK-8229888: (zipfs) Updating an existing zip file does not preserve
original permissions
+ JDK-8230597: Update GIFlib library to the 5.2.1
+ JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call
in early return
+ JDK-8233880, PR3798: Support compilers with multi-digit major
version numbers
+ JDK-8239852: java/util/concurrent tests fail with
-XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed:
verification should have failed
+ JDK-8241638: launcher time metrics always report 1 on Linux when
_JAVA_LAUNCHER_DEBUG set
+ JDK-8243059: Build fails when --with-vendor-name contains a comma
+ JDK-8243474: [TESTBUG] removed three tests of 0 bytes
+ JDK-8244461: [JDK 8u] Build fails with glibc 2.32
+ JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns
wrong result
* Import of OpenJDK 8 u262 build 04
+ JDK-8067796: (process) Process.waitFor(timeout, unit) doesn’t throw
NPE if timeout is less than, or equal to zero when unit == null
+ JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
+ JDK-8171934:
ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does
not recognize OpenJDK’s HotSpot VM
+ JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java
causes NPE
+ JDK-8243539: Copyright info (Year) should be updated for fix
of 8241638
+ JDK-8244777: ClassLoaderStats VM Op uses constant hash value
* Import of OpenJDK 8 u262 build 05
+ JDK-7147060: com/sun/org/apache/xml/internal/security/
/transforms/ClassLoaderTest.java doesn’t run in agentvm mode
+ JDK-8178374: Problematic ByteBuffer handling in
CipherSpi.bufferCrypt method
+ JDK-8181841: A TSA server returns timestamp with precision higher
than milliseconds
+ JDK-8227269: Slow class loading when running with JDWP
+ JDK-8229899: Make java.io.File.isInvalid() less racy
+ JDK-8236996: Incorrect Roboto font rendering on Windows with
subpixel antialiasing
+ JDK-8241750: x86_32 build failure after JDK-8227269
+ JDK-8244407: JVM crashes after transformation in C2
IdealLoopTree::split_fall_in
+ JDK-8244843: JapanEraNameCompatTest fails
* Import of OpenJDK 8 u262 build 06
+ JDK-8246223: Windows build fails after JDK-8227269
* Import of OpenJDK 8 u262 build 07
+ JDK-8233197: Invert JvmtiExport::post_vm_initialized() and
Jfr:on_vm_start() start-up order for correct option parsing
+ JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
+ JDK-8245167: Top package in method profiling shows null in JMC
+ JDK-8246703: [TESTBUG] Add test for JDK-8233197
* Import of OpenJDK 8 u262 build 08
+ JDK-8220293: Deadlock in JFR string pool
+ JDK-8225068: Remove DocuSign root certificate that is expiring in
May 2020
+ JDK-8225069: Remove Comodo root certificate that is expiring in May
2020
* Import of OpenJDK 8 u262 build 09
+ JDK-8248399: Build installs jfr binary when JFR is disabled
* Import of OpenJDK 8 u262 build 10
+ JDK-8248715: New JavaTimeSupplementary localisation for ‘in’
installed in wrong package
* Import of OpenJDK 8 u265 build 01
+ JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool
behavior
+ JDK-8250546: Expect changed behaviour reported in JDK-8249846
* Import of OpenJDK 8 u272 build 01
+ JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY
test/compiler/7177917/Test7177917.java
+ JDK-8035493: JVMTI PopFrame capability must instruct compilers not
to prune locals
+ JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in
DefaultProxySelector.c
+ JDK-8039082: [TEST_BUG] Test java/awt/dnd/
/BadSerializationTest/BadSerializationTest.java fails
+ JDK-8075774: Small readability and performance improvements for zipfs
+ JDK-8132206: move ScanTest.java into OpenJDK
+ JDK-8132376: Add @requires os.family to the client tests with access
to internal OS-specific API
+ JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
+ JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/
/appletviewer/IOExceptionIfEncodedURLTest/
/IOExceptionIfEncodedURLTest.sh
+ JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/
/MTGraphicsAccessTest.java hangs on Win. 8
+ JDK-8151788: NullPointerException from ntlm.Client.type3
+ JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
+ JDK-8153430: jdk regression test MletParserLocaleTest,
ParserInfiniteLoopTest reduce default timeout
+ JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
+ JDK-8156169: Some sound tests rarely hangs because of incorrect
synchronization
+ JDK-8165936: Potential Heap buffer overflow when seaching timezone
info files
+ JDK-8166148: Fix for JDK-8165936 broke solaris builds
+ JDK-8167300: Scheduling failures during gcm should be fatal
+ JDK-8167615: Opensource unit/regression tests for JavaSound
+ JDK-8172012: [TEST_BUG] delays needed in
javax/swing/JTree/4633594/bug4633594.java
+ JDK-8177628: Opensource unit/regression tests for ImageIO
+ JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
+ JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/
/AppletContextTest/BadPluginConfigurationTest.sh
+ JDK-8193137: Nashorn crashes when given an empty script file
+ JDK-8194298: Add support for per Socket configuration of TCP
keepalive
+ JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws
error
+ JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
+ JDK-8210147: adjust some WSAGetLastError usages in windows network
coding
+ JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor
versions
+ JDK-8214862: assert(proj != __null) at compile.cpp:3251
+ JDK-8217606: LdapContext#reconnect always opens a new connection
+ JDK-8217647: JFR: recordings on 32-bit systems unreadable
+ JDK-8226697: Several tests which need the @key headful keyword are
missing it.
+ JDK-8229378: jdwp library loader in linker_md.c quietly truncates on
buffer overflow
+ JDK-8230303: JDB hangs when running monitor command
+ JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return
NULL if n is not in the CG
+ JDK-8234617: C1: Incorrect result of field load due to missing
narrowing conversion
+ JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
+ JDK-8235325: build failure on Linux after 8235243
+ JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
+ JDK-8237951: CTW: C2 compilation fails with “malformed control flow”
+ JDK-8238225: Issues reported after replacing symlink at
Contents/MacOS/libjli.dylib with binary
+ JDK-8239385: KerberosTicket client name refers wrongly to
sAMAccountName in AD
+ JDK-8239819: XToolkit: Misread of screen information memory
+ JDK-8240295: hs_err elapsed time in seconds is not accurate enough
+ JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property
with a security one
+ JDK-8242498: Invalid “sun.awt.TimedWindowEvent” object leads to JVM
crash
+ JDK-8243489: Thread CPU Load event may contain wrong data for CPU
time under certain conditions
+ JDK-8244818: Java2D Queue Flusher crash while moving application
window to external monitor
+ JDK-8246310: Clean commented-out code about ModuleEntry and
PackageEntry in JFR
+ JDK-8246384: Enable JFR by default on supported architectures for
October 2020 release
+ JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
+ JDK-8249610: Make
sun.security.krb5.Config.getBooleanObject(String... keys) method
public
* Import of OpenJDK 8 u272 build 02
+ JDK-8023697: failed class resolution reports different class name in
detail message for the first and subsequent times
+ JDK-8025886: replace [[ and == bash extensions in regtest
+ JDK-8046274: Removing dependency on jakarta-regexp
+ JDK-8048933: -XX:+TraceExceptions output should include the message
+ JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/
/fileaccess/FontFile.java fails
+ JDK-8148854: Class names “SomeClass” and “LSomeClass;” treated by
JVM as an equivalent
+ JDK-8154313: Generated javadoc scattered all over the place
+ JDK-8163251: Hard coded loop limit prevents reading of smart card
data greater than 8k
+ JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails
with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
+ JDK-8183349: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
+ JDK-8191678: [TESTBUG] Add keyword headful in java/awt
FocusTransitionTest test.
+ JDK-8201633: Problems with AES-GCM native acceleration
+ JDK-8211049: Second parameter of “initialize” method is not used
+ JDK-8219566: JFR did not collect call stacks when
MaxJavaStackTraceDepth is set to zero
+ JDK-8220165: Encryption using GCM results in RuntimeException- input
length out of bound
+ JDK-8220555: JFR tool shows potentially misleading message when it
cannot access a file
+ JDK-8224217: RecordingInfo should use textual representation
of path
+ JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
+ JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c
“multiple definition” link errors with GCC10
+ JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c
“multiple definition” link errors with GCC10
+ JDK-8238388, PR3798: libj2gss/NativeFunc.o “multiple definition”
link errors with GCC10
+ JDK-8242556: Cannot load RSASSA-PSS public key with non-null params
from byte array
+ JDK-8250755: Better cleanup for jdk/test/javax/imageio/
/plugins/shared/CanWriteSequence.java
* Import of OpenJDK 8 u272 build 03
+ JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java
fails sometimes
+ JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
+ JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with
error : revokeall.exe: Permission denied
+ JDK-8203357: Container Metrics
+ JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
+ JDK-8216283: Allow shorter method sampling interval than 10 ms
+ JDK-8221569: JFR tool produces incorrect output when both
--categories and --events are specified
+ JDK-8233097: Fontmetrics for large Fonts has zero width
+ JDK-8248851: CMS: Missing memory fences between free chunk check and
klass read
+ JDK-8250875: Incorrect parameter type for update_number in
JDK_Version::jdk_update
* Import of OpenJDK 8 u272 build 04
+ JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws
IllegalArgumentException for flags of type double
+ JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
+ JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
+ JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on
OpenJDK 11, works 8/9/10
+ JDK-8243138: Enhance BaseLdapServer to support starttls extended
request
* Import of OpenJDK 8 u272 build 05
+ JDK-8026236: Add PrimeTest for BigInteger
+ JDK-8057003: Large reference arrays cause extremely long
synchronization times
+ JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java
fails in jdk 9 fcs new platforms/compiler
+ JDK-8152077: (cal) Calendar.roll does not always roll the hours
during daylight savings
+ JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
+ JDK-8211163: UNIX version of Java_java_io_Console_echo does not
return a clean boolean
+ JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker
container only works with debug JVMs
+ JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
+ JDK-8236645: JDK 8u231 introduces a regression with incompatible
handling of XML messages
+ JDK-8240676: Meet not symmetric failure when running lucene
on jdk8
+ JDK-8243321: Add Entrust root CA – G4 to Oracle Root CA program
+ JDK-8249158: THREAD_START and THREAD_END event posted in primordial
phase
+ JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling
Java container metrics
+ JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
+ JDK-8252084: Minimal VM fails to bootcycle: undefined symbol:
AgeTableTracer::is_tenuring_distribution_event_enabled
* Import of OpenJDK 8 u272 build 06
+ JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
+ JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40
support
+ JDK-8160768: Add capability to custom resolve host/domain names
within the default JNDI LDAP provider
+ JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not
working
+ JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license
+ JDK-8184762: ZapStackSegments should use optimized memset
+ JDK-8193234: When using -Xcheck:jni an internally allocated buffer
can leak
+ JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
+ JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
+ JDK-8222079: Don’t use memset to initialize fields decode_env
constructor in disassembler.cpp
+ JDK-8225695: 32-bit build failures after JDK-8080462 (Update
SunPKCS11 provider with PKCS11 v2.40 support)
+ JDK-8226575: OperatingSystemMXBean should be made container aware
+ JDK-8226809: Circular reference in printed stack trace is not
correctly indented & ambiguous
+ JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
+ JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
+ JDK-8238898, PR3801: Missing hash characters for header on license
file
+ JDK-8243320: Add SSL root certificates to Oracle Root CA program
+ JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release
1.8.26
+ JDK-8245467: Remove 8u TLSv1.2 implementation files
+ JDK-8245469: Remove DTLS protocol implementation
+ JDK-8245470: Fix JDK8 compatibility issues
+ JDK-8245471: Revert JDK-8148188
+ JDK-8245472: Backport JDK-8038893 to JDK8
+ JDK-8245473: OCSP stapling support
+ JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
+ JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by
default
+ JDK-8245477: Adjust TLS tests location
+ JDK-8245653: Remove 8u TLS tests
+ JDK-8245681: Add TLSv1.3 regression test from 11.0.7
+ JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
+ JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to
either true or false
+ JDK-8251341: Minimal Java specification change
+ JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
* Import of OpenJDK 8 u272 build 07
+ JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
* Import of OpenJDK 8 u272 build 08
+ JDK-8062947: Fix exception message to correctly represent LDAP
connection failure
+ JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to
timeout on DeadServerNoTimeoutTest is incorrect
+ JDK-8252573: 8u: Windows build failed after 8222079 backport
* Import of OpenJDK 8 u272 build 09
+ JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation
failed
* Import of OpenJDK 8 u272 build 10
+ JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the
fix for JDK-8249158
+ JDK-8254937: Revert JDK-8148854 for 8u272
* Backports
+ JDK-8038723, PR3806: Openup some PrinterJob tests
+ JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable
contains certain string
+ JDK-8058779, PR3805: Faster implementation of
String.replace(CharSequence, CharSequence)
+ JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client
tests unaffected by the automated bulk update
+ JDK-8144015, PR3806: [PIT] failures of text layout font tests
+ JDK-8144023, PR3806: [PIT] failure of text measurements in
javax/swing/text/html/parser/Parser/6836089/bug6836089.java
+ JDK-8144240, PR3806: [macosx][PIT] AIOOB in
closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8145542, PR3806: The case failed automatically and thrown
java.lang.ArrayIndexOutOfBoundsException exception
+ JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when
displaying Devanagari text in JEditorPane
+ JDK-8152358, PR3800: code and comment cleanups found during the hunt
for 8077392
+ JDK-8152545, PR3804: Use preprocessor instead of compiling a program
to generate native nio constants
+ JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex
behaviour
+ JDK-8158924, PR3806: Incorrect i18n text document layout
+ JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for
javax/swing/text/GlyphPainter2/6427244/bug6427244.java
+ JDK-8166068, PR3806: test/java/awt/font/GlyphVector/
/GetGlyphCharIndexTest.java does not compile
+ JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/
/GlyphPainter2/6427244/bug6427244.java – compilation failed
+ JDK-8191512, PR3806: T2K font rasterizer code removal
+ JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK
sources
+ JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal
and NoPadding
+ JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b
* Bug fixes
+ PR3798: Fix format-overflow error on GCC 10, caused by passing NULL
to a ‘%s’ directive
+ PR3795: ECDSAUtils for XML digital signatures should support the
same curve set as the rest of the JDK
+ PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3
implementation classes from 11.0.7
+ PR3808: IcedTea does not install the JFR *.jfc files
+ PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed
its use with Shenandoah
+ PR3811: Don’t attempt to install JFR files when JFR is disabled
* Shenandoah
+ [backport] 8221435: Shenandoah should not mark through weak roots
+ [backport] 8221629: Shenandoah: Cleanup class unloading logic
+ [backport] 8222992: Shenandoah: Pre-evacuate all roots
+ [backport] 8223215: Shenandoah: Support verifying subset of roots
+ [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and
family
+ [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to
support scanning CSet codecache roots
+ [backport] 8224508: Shenandoah: Need to update thread roots in final
mark for piggyback ref update cycle
+ [backport] 8224579: ResourceMark not declared in
shenandoahRootProcessor.inline.hpp with
--disable-precompiled-headers
+ [backport] 8224679: Shenandoah: Make
ShenandoahParallelCodeCacheIterator noncopyable
+ [backport] 8224751: Shenandoah: Shenandoah Verifier should select
proper roots according to current GC cycle
+ [backport] 8225014: Separate ShenandoahRootScanner method for
object_iterate
+ [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn’t work
for Shenandoah
+ [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure
roots to-space invariant
+ [backport] 8225590: Shenandoah: Refactor
ShenandoahClassLoaderDataRoots API
+ [backport] 8226413: Shenandoah: Separate root scanner for
SH::object_iterate()
+ [backport] 8230853: Shenandoah: replace leftover assert(is_in(...))
with rich asserts
+ [backport] 8231198: Shenandoah: heap walking should visit all roots
most of the time
+ [backport] 8231244: Shenandoah: all-roots heap walking misses some
weak roots
+ [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with
JVMTI and JFR
+ [backport] 8239786: Shenandoah: print per-cycle statistics
+ [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod’s
metadata
+ [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings
+ [backport] 8240749: Shenandoah: refactor ShenandoahUtils
+ [backport] 8240750: Shenandoah: remove leftover files and mentions
of ShenandoahAllocTracker
+ [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles
+ [backport] 8240872: Shenandoah: Avoid updating new regions from
start of evacuation
+ [backport] 8240873: Shenandoah: Short-cut arraycopy barriers
+ [backport] 8240915: Shenandoah: Remove unused fields in init mark
tasks
+ [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths
after JDK-8240868
+ [backport] 8241007: Shenandoah: remove
ShenandoahCriticalControlThreadPriority support
+ [backport] 8241062: Shenandoah: rich asserts trigger “empty
statement” inspection
+ [backport] 8241081: Shenandoah: Do not modify update-watermark
concurrently
+ [backport] 8241093: Shenandoah: editorial changes in flag
descriptions
+ [backport] 8241139: Shenandoah: distribute mark-compact work exactly
to minimize fragmentation
+ [backport] 8241142: Shenandoah: should not use parallel reference
processing with single GC thread
+ [backport] 8241351: Shenandoah: fragmentation metrics overhaul
+ [backport] 8241435: Shenandoah: avoid disabling pacing with
“aggressive”
+ [backport] 8241520: Shenandoah: simplify region sequence numbers
handling
+ [backport] 8241534: Shenandoah: region status should include update
watermark
+ [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure
+ [backport] 8241583: Shenandoah: turn heap lock asserts into macros
+ [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive
from ContiguousSpace
+ [backport] 8241673: Shenandoah: refactor anti-false-sharing padding
+ [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at
shenandoahSupport.cpp:2858 with
java/util/Collections/FindSubList.java
+ [backport] 8241692: Shenandoah: remove
ShenandoahHeapRegion::_reserved
+ [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag
into ShenandoahSATBBarrier
+ [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap
+ [backport] 8241743: Shenandoah: refactor and inline
ShenandoahHeap::heap()
+ [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods
+ [backport] 8241838: Shenandoah: no need to trash cset during final
mark
+ [backport] 8241841: Shenandoah: ditch one of allocation type
counters in ShenandoahHeapRegion
+ [backport] 8241842: Shenandoah: inline
ShenandoahHeapRegion::region_number
+ [backport] 8241844: Shenandoah: rename
ShenandoahHeapRegion::region_number
+ [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache
lines
+ [backport] 8241926: Shenandoah: only print heap changes for
operations that directly affect it
+ [backport] 8241983: Shenandoah: simplify FreeSet logging
+ [backport] 8241985: Shenandoah: simplify collectable garbage logging
+ [backport] 8242040: Shenandoah: print allocation failure type
+ [backport] 8242041: Shenandoah: adaptive heuristics should account
evac reserve in free target
+ [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold
+ [backport] 8242054: Shenandoah: New incremental-update mode
+ [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag
+ [backport] 8242082: Shenandoah: Purge Traversal mode
+ [backport] 8242083: Shenandoah: split “Prepare Evacuation” tracking
into cset/freeset counters
+ [backport] 8242089: Shenandoah: per-worker stats should be summed
up, not averaged
+ [backport] 8242101: Shenandoah: coalesce and parallelise heap region
walks during the pauses
+ [backport] 8242114: Shenandoah: remove
ShenandoahHeapRegion::reset_alloc_metadata_to_shared
+ [backport] 8242130: Shenandoah: Simplify arraycopy-barrier
dispatching
+ [backport] 8242211: Shenandoah: remove
ShenandoahHeuristics::RegionData::_seqnum_last_alloc
+ [backport] 8242212: Shenandoah: initialize
ShenandoahHeuristics::_region_data eagerly
+ [backport] 8242213: Shenandoah: remove
ShenandoahHeuristics::_bytes_in_cset
+ [backport] 8242217: Shenandoah: Enable GC mode to be
diagnostic/experimental and have a name
+ [backport] 8242227: Shenandoah: transit regions to cset state when
adding to collection set
+ [backport] 8242228: Shenandoah: remove unused
ShenandoahCollectionSet methods
+ [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion
liveness-related methods
+ [backport] 8242267: Shenandoah: regions space needs to be aligned by
os::vm_allocation_granularity()
+ [backport] 8242271: Shenandoah: add test to verify GC mode unlock
+ [backport] 8242273: Shenandoah: accept either SATB or IU barriers,
but not both
+ [backport] 8242301: Shenandoah: Inline LRB runtime call
+ [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB
slow-path entry
+ [backport] 8242353: Shenandoah: micro-optimize region liveness
handling
+ [backport] 8242365: Shenandoah: use uint16_t instead of jushort for
liveness cache
+ [backport] 8242375: Shenandoah: Remove
ShenandoahHeuristic::record_gc_start/end methods
+ [backport] 8242641: Shenandoah: clear live data and update TAMS
optimistically
+ [backport] 8243238: Shenandoah: explicit GC request should wait for
a complete GC cycle
+ [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs
+ [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data
+ [backport] 8243395: Shenandoah: demote guarantee in
ShenandoahPhaseTimings::record_workers_end
+ [backport] 8243463: Shenandoah: ditch total_pause counters
+ [backport] 8243464: Shenandoah: print statistic counters in time
order
+ [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other
counters
+ [backport] 8243487: Shenandoah: make _num_phases illegal phase type
+ [backport] 8243494: Shenandoah: set counters once per cycle
+ [backport] 8243573: Shenandoah: rename GCParPhases and related code
+ [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786
+ [backport] 8244180: Shenandoah: carry Phase to
ShWorkerTimingsTracker explicitly
+ [backport] 8244200: Shenandoah: build breakages after JDK-8241743
+ [backport] 8244226: Shenandoah: per-cycle statistics contain worker
data from previous cycles
+ [backport] 8244326: Shenandoah: global statistics should not accept
bogus samples
+ [backport] 8244509: Shenandoah: refactor
ShenandoahBarrierC2Support::test_* methods
+ [backport] 8244551: Shenandoah: Fix racy update of update_watermark
+ [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes
loop for wrong control
+ [backport] 8244730: Shenandoah: gc/shenandoah/options/
/TestHeuristicsUnlock.java should only verify the heuristics
+ [backport] 8244732: Shenandoah: move heuristics code to
gc/shenandoah/heuristics
+ [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode
+ [backport] 8244739: Shenandoah: break superclass dependency
on ShenandoahNormalMode
+ [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to
ShenandoahSATBMode
+ [backport] 8245461: Shenandoah: refine mode name()-s
+ [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings
constructor arguments
+ [backport] 8245464: Shenandoah: allocate collection set bitmap at
lower addresses
+ [backport] 8245465: Shenandoah: test_in_cset can use more efficient
encoding
+ [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics
names and properties
+ [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch
+ [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable
heap resizing or uncommits
+ [backport] 8245773: Shenandoah: Windows assertion failure after
JDK-8245464
+ [backport] 8245812: Shenandoah: compute root phase parallelism
+ [backport] 8245814: Shenandoah: reconsider format specifiers for
stats
+ [backport] 8245825: Shenandoah: Remove diagnostic flag
ShenandoahConcurrentScanCodeRoots
+ [backport] 8246162: Shenandoah: full GC does not mark code roots
when class unloading is off
+ [backport] 8247310: Shenandoah: pacer should not affect interrupt
status
+ [backport] 8247358: Shenandoah: reconsider free budget slice for
marking
+ [backport] 8247367: Shenandoah: pacer should wait on lock instead of
exponential backoff
+ [backport] 8247474: Shenandoah: Windows build warning after
JDK-8247310
+ [backport] 8247560: Shenandoah: heap iteration holds root locks all
the time
+ [backport] 8247593: Shenandoah: should not block pacing reporters
+ [backport] 8247751: Shenandoah: options tests should run with
smaller heaps
+ [backport] 8247754: Shenandoah: mxbeans tests can be shorter
+ [backport] 8247757: Shenandoah: split heavy tests by heuristics to
improve parallelism
+ [backport] 8247860: Shenandoah: add update watermark line in rich
assert failure message
+ [backport] 8248041: Shenandoah: pre-Full GC root updates may miss
some roots
+ [backport] 8248652: Shenandoah: SATB buffer handling may assume no
forwarded objects
+ [backport] 8249560: Shenandoah: Fix racy GC request handling
+ [backport] 8249649: Shenandoah: provide per-cycle pacing stats
+ [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle
+ [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should
account for corner cases
+ Fix slowdebug build after JDK-8230853 backport
+ JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and
JFR
+ JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp
+ Shenandoah: add JFR roots to root processor after JFR integration
+ Shenandoah: add root statistics for string dedup table/queues
+ Shenandoah: enable low-frequency STW class unloading
+ Shenandoah: fix build failures after JDK-8244737 backport
+ Shenandoah: Fix build failure with +JFR -PCH
+ Shenandoah: fix forceful pacer claim
+ Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask
+ Shenandoah: fix runtime linking failure due to non-compiled
shenandoahBarrierSetC1
+ Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC
+ Shenandoah: JNI weak roots are always cleared before Full GC mark
+ Shenandoah: missing SystemDictionary roots in
ShenandoahHeapIterationRootScanner
+ Shenandoah: move barrier sets to their proper locations
+ Shenandoah: move parallelCleaning.* to shenandoah/
+ Shenandoah: pacer should use proper Atomics for intptr_t
+ Shenandoah: properly deallocates class loader metadata
+ Shenandoah: specialize String Table scans for better pause
performance
+ Shenandoah: Zero build fails after recent Atomic cleanup in Pacer
* AArch64 port
+ JDK-8161072, PR3797: AArch64: jtreg
compiler/uncommontrap/TestDeoptOOM failure
+ JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates
guarantee failure in C1
+ JDK-8183925, PR3797: [AArch64] Decouple crash protection from
watcher thread
+ JDK-8199712, PR3797: [AArch64] Flight Recorder
+ JDK-8203481, PR3797: Incorrect constraint for unextended_sp in
frame:safe_for_sender
+ JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails
with SIGILL on aarch64
+ JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command
+ JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails
on AArch64
+ JDK-8216989, PR3797:
CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier()
does not check for zero length on AARCH64
+ JDK-8217368, PR3797: AArch64: C2 recursive stack locking
optimisation not triggered
+ JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx
patterns
+ JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob
+ JDK-8246482, PR3797: Build failures with +JFR -PCH
+ JDK-8247979, PR3797: aarch64: missing side effect of killing flags
for clearArray_reg_reg
+ JDK-8248219, PR3797: aarch64: missing memory barrier in
fast_storefield and fast_accessfield

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2048=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-accessibility-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-debuginfo-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-debugsource-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-demo-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-devel-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-headless-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.272-lp151.2.15.1
java-1_8_0-openjdk-src-1.8.0.272-lp151.2.15.1

– openSUSE Leap 15.1 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.272-lp151.2.15.1

References:

https://www.suse.com/security/cve/CVE-2020-14556.html
https://www.suse.com/security/cve/CVE-2020-14577.html
https://www.suse.com/security/cve/CVE-2020-14578.html
https://www.suse.com/security/cve/CVE-2020-14579.html
https://www.suse.com/security/cve/CVE-2020-14581.html
https://www.suse.com/security/cve/CVE-2020-14583.html
https://www.suse.com/security/cve/CVE-2020-14593.html
https://www.suse.com/security/cve/CVE-2020-14621.html
https://www.suse.com/security/cve/CVE-2020-14779.html
https://www.suse.com/security/cve/CVE-2020-14781.html
https://www.suse.com/security/cve/CVE-2020-14782.html
https://www.suse.com/security/cve/CVE-2020-14792.html
https://www.suse.com/security/cve/CVE-2020-14796.html
https://www.suse.com/security/cve/CVE-2020-14797.html
https://www.suse.com/security/cve/CVE-2020-14798.html
https://www.suse.com/security/cve/CVE-2020-14803.html
https://bugzilla.suse.com/1174157
https://bugzilla.suse.com/1177943

Security vulnerabilities in the operating system kernel

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2034-1
Rating: important
References: #1050549 #1067665 #1170630 #1172873 #1175306
#1175721 #1176855 #1176983 #1177397 #1177703
#1177819 #1177820 #1178182 #1178393 #1178589
#1178686 #1178765 #1178782 #1178838 #1178853
#1178854 #1178878 #1178886 #927455
Cross-References: CVE-2020-25669 CVE-2020-25704 CVE-2020-25705
CVE-2020-28915
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves four vulnerabilities and has 20 fixes
is now available.

Description:

The openSUSE Leap 15.1 kernel was updated to receive various security and
bug fixes.

The following security bugs were fixed:

– CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the
fbcon code could be used by local attackers to read kernel memory, aka
CID-6735b4632def (bnc#1178886).
– CVE-2020-25669: A use-after-free in teardown paths of sunkbd was fixed
(bsc#1178182).
– CVE-2020-25705: A flaw was found in the way reply ICMP packets are
limited in the Linux kernel functionality that allowed open UDP ports
to be scanned quickly. This flaw allowed an off-path remote user to
effectively bypass source port UDP randomization. The highest threat
from this vulnerability is to confidentiality and possibly integrity,
because software that relies on UDP source port randomization is
indirectly affected as well. Kernel versions may be vulnerable to this
issue (bnc#1175721 bnc#1178782).
– CVE-2020-25704: A memory leak in perf_event_parse_addr_filter() was
fixed (bsc#1178393, CVE-2020-25704).

The following non-security bugs were fixed:

– ACPI: NFIT: Fix comparison to ‘-ENXIO’ (git-fixes).
– bpf: Zero-fill re-used per-cpu map element (git-fixes).
– can: af_can: prevent potential access of uninitialized member in
canfd_rcv() (git-fixes).
– can: af_can: prevent potential access of uninitialized member in
can_rcv() (git-fixes).
– can: dev: can_restart(): post buffer from the right context (git-fixes).
– can: m_can: m_can_handle_state_change(): fix state change (git-fixes).
– can: m_can: m_can_stop(): set device to software init mode before
closing (git-fixes).
– can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to
can_put_echo_skb() (git-fixes).
– can: peak_usb: fix potential integer overflow on shift of a int
(git-fixes).
– docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).
– drbd: code cleanup by using sendpage_ok() to check page for
kernel_sendpage() (bsc#1172873).
– drm/i915: Break up error capture compression loops with cond_resched()
(git-fixes).
– drm/vc4: drv: Add error handding for bind (git-fixes).
– Drop sysctl files for dropped archs, add ppc64le and arm64
(bsc#1178838). Also fix the ppc64 page size.
– fs/proc/array.c: allow reporting eip/esp for all coredumping threads
(bsc#1050549).
– ftrace: Fix recursion check for NMI test (git-fixes).
– ftrace: Handle tracing when switching between context (git-fixes).
– futex: Do not enable IRQs unconditionally in put_pi_state()
(bsc#1067665).
– futex: Handle transient “ownerless” rtmutex state correctly
(bsc#1067665).
– hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).
– hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819,
bsc#1177820).
– hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819,
bsc#1177820).
– hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853,
bsc#1178854).
– hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).
– hyperv_fb: Update screen_info after removing old framebuffer
(bsc#1175306).
– inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
(git-fixes).
– Input: adxl34x – clean up a data type in adxl34x_probe() (git-fixes).
– kthread_worker: prevent queuing delayed work from timer_fn when it is
being canceled (git-fixes).
– libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).
– locking/lockdep: Add debug_locks check in __lock_downgrade()
(bsc#1050549).
– locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count
(bsc#1050549).
– locktorture: Print ratio of acquisitions, not failures (bsc#1050549).
– mac80211: minstrel: fix tx status processing corner case (git-fixes).
– mac80211: minstrel: remove deferred sampling code (git-fixes).
– memcg: fix NULL pointer dereference in
__mem_cgroup_usage_unregister_event (bsc#1177703).
– mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs
(git-fixes).
– mm/memcg: fix refcount error while moving and swapping (bsc#1178686).
– net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send
(bsc#1172873).
– net: ena: Capitalize all log strings and improve code readability
(bsc#1177397).
– net: ena: Change license into format to SPDX in all files (bsc#1177397).
– net: ena: Change log message to netif/dev function (bsc#1177397).
– net: ena: Change RSS related macros and variables names (bsc#1177397).
– net: ena: ethtool: Add new device statistics (bsc#1177397).
– net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).
– net: ena: ethtool: convert stat_offset to 64 bit resolution
(bsc#1177397).
– net: ena: Fix all static chekers’ warnings (bsc#1177397).
– net: ena: Remove redundant print of placement policy (bsc#1177397).
– net: ena: xdp: add queue counters for xdp actions (bsc#1177397).
– netfilter: nat: can’t use dst_hold on noref dst (bsc#1178878).
– net: introduce helper sendpage_ok() in include/linux/net.h
(bsc#1172873). kABI workaround for including mm.h in include/linux/net.h
(bsc#1172873).
– net/mlx4_core: Fix init_hca fields offset (git-fixes).
– net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).
– NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION
(bsc#1170630).
– nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()
(bsc#1172873).
– pinctrl: intel: Set default bias in case no particular value given
(git-fixes).
– powerpc/pseries/cpuidle: add polling idle for shared processor guests
(bsc#1178765 ltc#188968).
– powerpc/vnic: Extend “failover pending” window (bsc#1176855 ltc#187293).
– regulator: avoid resolve_supply() infinite recursion (git-fixes).
– regulator: fix memory leak with repeated set_machine_constraints()
(git-fixes).
– regulator: ti-abb: Fix array out of bound read access on the first
transition (git-fixes).
– regulator: workaround self-referent regulators (git-fixes).
– Revert “cdc-acm: hardening against malicious devices” (git-fixes).
– ring-buffer: Fix recursion protection transitions between interrupt
context (git-fixes).
– scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map()
(bsc#1172873).
– scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported
(git-fixes).
– thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
(git-fixes).
– time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).
– USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).
– usb: core: driver: fix stray tabs in error messages (git-fixes).
– usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
(git-fixes).
– USB: serial: cyberjack: fix write-URB completion race (git-fixes).
– USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
(git-fixes).
– USB: serial: option: add Cellient MPL200 card (git-fixes).
– USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
(git-fixes).
– USB: serial: option: add Quectel EC200T module support (git-fixes).
– USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).
– USB: serial: option: Add Telit FT980-KS composition (git-fixes).
– USB: serial: pl2303: add device-id for HP GC device (git-fixes).
– video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host
(bsc#1175306).
– video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer
driver (bsc#1175306).
– video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs
(bsc#1175306).
– vt: Disable KD_FONT_OP_COPY (bsc#1178589).
– x86/kexec: Use up-to-dated screen_info copy to fill boot params
(bsc#1175306).
– xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).
– xfs: fix flags argument to rmap lookup when converting shared file rmaps
(git-fixes).
– xfs: fix rmap key and record comparison functions (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2034=1

Package List:

– openSUSE Leap 15.1 (noarch):

kernel-devel-4.12.14-lp151.28.83.1
kernel-docs-4.12.14-lp151.28.83.1
kernel-docs-html-4.12.14-lp151.28.83.1
kernel-macros-4.12.14-lp151.28.83.1
kernel-source-4.12.14-lp151.28.83.1
kernel-source-vanilla-4.12.14-lp151.28.83.1

– openSUSE Leap 15.1 (x86_64):

kernel-debug-4.12.14-lp151.28.83.1
kernel-debug-base-4.12.14-lp151.28.83.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.83.1
kernel-debug-debuginfo-4.12.14-lp151.28.83.1
kernel-debug-debugsource-4.12.14-lp151.28.83.1
kernel-debug-devel-4.12.14-lp151.28.83.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.83.1
kernel-default-4.12.14-lp151.28.83.1
kernel-default-base-4.12.14-lp151.28.83.1
kernel-default-base-debuginfo-4.12.14-lp151.28.83.1
kernel-default-debuginfo-4.12.14-lp151.28.83.1
kernel-default-debugsource-4.12.14-lp151.28.83.1
kernel-default-devel-4.12.14-lp151.28.83.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.83.1
kernel-kvmsmall-4.12.14-lp151.28.83.1
kernel-kvmsmall-base-4.12.14-lp151.28.83.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.83.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.83.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.83.1
kernel-kvmsmall-devel-4.12.14-lp151.28.83.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.83.1
kernel-obs-build-4.12.14-lp151.28.83.1
kernel-obs-build-debugsource-4.12.14-lp151.28.83.1
kernel-obs-qa-4.12.14-lp151.28.83.1
kernel-syms-4.12.14-lp151.28.83.1
kernel-vanilla-4.12.14-lp151.28.83.1
kernel-vanilla-base-4.12.14-lp151.28.83.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.83.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.83.1
kernel-vanilla-debugsource-4.12.14-lp151.28.83.1
kernel-vanilla-devel-4.12.14-lp151.28.83.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.83.1

References:

https://www.suse.com/security/cve/CVE-2020-25669.html
https://www.suse.com/security/cve/CVE-2020-25704.html
https://www.suse.com/security/cve/CVE-2020-25705.html
https://www.suse.com/security/cve/CVE-2020-28915.html
https://bugzilla.suse.com/1050549
https://bugzilla.suse.com/1067665
https://bugzilla.suse.com/1170630
https://bugzilla.suse.com/1172873
https://bugzilla.suse.com/1175306
https://bugzilla.suse.com/1175721
https://bugzilla.suse.com/1176855
https://bugzilla.suse.com/1176983
https://bugzilla.suse.com/1177397
https://bugzilla.suse.com/1177703
https://bugzilla.suse.com/1177819
https://bugzilla.suse.com/1177820
https://bugzilla.suse.com/1178182
https://bugzilla.suse.com/1178393
https://bugzilla.suse.com/1178589
https://bugzilla.suse.com/1178686
https://bugzilla.suse.com/1178765
https://bugzilla.suse.com/1178782
https://bugzilla.suse.com/1178838
https://bugzilla.suse.com/1178853
https://bugzilla.suse.com/1178854
https://bugzilla.suse.com/1178878
https://bugzilla.suse.com/1178886
https://bugzilla.suse.com/927455

The post Security vulnerabilities in the operating system kernel appeared first on CERT.hr.

Security vulnerabilities in the perl DBI software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for perl-DBI
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2051-1
Rating: moderate
References: #1176492
Cross-References: CVE-2014-10401 CVE-2014-10402
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for perl-DBI fixes the following issues:

– DBD::File drivers could open files from folders other than those
specifically passed via the f_dir attribute in the data source name
(DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402]

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2051=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

perl-DBI-1.639-lp151.3.16.1
perl-DBI-debuginfo-1.639-lp151.3.16.1
perl-DBI-debugsource-1.639-lp151.3.16.1

References:

https://www.suse.com/security/cve/CVE-2014-10401.html
https://www.suse.com/security/cve/CVE-2014-10402.html
https://bugzilla.suse.com/1176492

The post Security vulnerabilities in the perl DBI software package appeared first on CERT.hr.

Security vulnerability in the xdg-utils software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4649-1
November 26, 2020

xdg-utils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

xdg-utils could be made to expose sensitive information.

Software Description:
– xdg-utils: desktop integration utilities from freedesktop.org

Details:

Jens Mueller discovered that xdg-utils incorrectly handled certain URIs.
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
xdg-utils 1.1.3-2ubuntu1.20.10.1

Ubuntu 20.04 LTS:
xdg-utils 1.1.3-2ubuntu1.20.04.1

Ubuntu 18.04 LTS:
xdg-utils 1.1.2-1ubuntu2.4

Ubuntu 16.04 LTS:
xdg-utils 1.1.1-1ubuntu1.16.04.4

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4649-1
CVE-2020-27748

Package Information:
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.10.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.3-2ubuntu1.20.04.1
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.2-1ubuntu2.4
https://launchpad.net/ubuntu/+source/xdg-utils/1.1.1-1ubuntu1.16.04.4

The post Security vulnerability in the xdg-utils software package appeared first on CERT.hr.

Security vulnerability in the c-ares software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LSU

openSUSE Security Update: Security update for c-ares
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:2045-1
Rating: moderate
References: #1178882
Cross-References: CVE-2020-8277
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for c-ares fixes the following issues:

– Version update to 1.17.0
* CVE-2020-8277: Fixed a Denial of Service through DNS request
(bsc#1178882)
* For further details see https://c-ares.haxx.se/changelog.html

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2045=1

Package List:

– openSUSE Leap 15.1 (i586 x86_64):

c-ares-debugsource-1.17.0-lp151.3.6.1
c-ares-devel-1.17.0-lp151.3.6.1
c-ares-utils-1.17.0-lp151.3.6.1
c-ares-utils-debuginfo-1.17.0-lp151.3.6.1
libcares2-1.17.0-lp151.3.6.1
libcares2-debuginfo-1.17.0-lp151.3.6.1

– openSUSE Leap 15.1 (x86_64):

libcares2-32bit-1.17.0-lp151.3.6.1
libcares2-32bit-debuginfo-1.17.0-lp151.3.6.1

References:

https://www.suse.com/security/cve/CVE-2020-8277.html
https://bugzilla.suse.com/1178882

The post Security vulnerability in the c-ares software package appeared first on CERT.hr.

Security vulnerabilities in the slurm software package

Mon, 2020-11-30 17:34
  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-98a5098030
2020-11-27 01:11:05.570195
--------------------------------------------------------------------------------

Name : slurm
Product : Fedora 32
Version : 19.05.8
Release : 1.fc32
URL : https://slurm.schedmd.com/
Summary : Simple Linux Utility for Resource Management
Description :
Slurm is an open source, fault-tolerant, and highly scalable
cluster management and job scheduling system for Linux clusters.
Components include machine status, partition management,
job management, scheduling and accounting modules.

--------------------------------------------------------------------------------
Update Information:

Update to 19.05.08. Closes security issues CVE-2020-27745 and CVE-2020-27746
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 17 2020 Philip Kovacs <pkfed@fedoraproject.org> - 19.05.8-1
- Release of 19.05.8
- Closes security issues CVE-2020-27745 and CVE-2020-27746
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-98a5098030' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-49b97c38e7
2020-11-27 01:20:50.552924
--------------------------------------------------------------------------------

Name : slurm
Product : Fedora 33
Version : 20.02.6
Release : 1.fc33
URL : https://slurm.schedmd.com/
Summary : Simple Linux Utility for Resource Management
Description :
Slurm is an open source, fault-tolerant, and highly scalable
cluster management and job scheduling system for Linux clusters.
Components include machine status, partition management,
job management, scheduling and accounting modules.

--------------------------------------------------------------------------------
Update Information:

Update to 20.02.6. Closes security issues CVE-2020-27745 and CVE-2020-27746.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 17 2020 Philip Kovacs <pkfed@fedoraproject.org> - 20.02.6-1
- Release of 20.02.6
- Closes security issues CVE-2020-27745 and CVE-2020-27746
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1898122 - CVE-2020-27745 slurm: potential buffer overflows from use of unpackmem() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1898122
[ 2 ] Bug #1898128 - CVE-2020-27746 slurm: CVE-2020-27746: slurm: potential leak of the magic cookie when sent as an argument to the xauth command [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1898128
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-49b97c38e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

The post Security vulnerabilities in the slurm software package appeared first on CERT.hr.
