AusCERT - Security Bulletins

Subscribe to AusCERT - Security Bulletins hírcsatorna
Latest published security bulletins. See https://www.auscert.org.au/rss/ for feed information.
Frissítve: 2 óra 53 perc
2022. május 12.

ESB-2022.2298 - [RedHat] .NET 6.0: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2298 .NET 6.0 security, bug fix, and enhancement update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET 6.0 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29145 CVE-2022-29117 CVE-2022-23267 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2199 Comment: CVSS (Max): 7.5 CVE-2022-29145 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update Advisory ID: RHSA-2022:2199-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2199 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ===================================================================== 1. Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, s390x, x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: dotnet6.0-6.0.105-1.el8_6.src.rpm aarch64: aspnetcore-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-6.0.105-1.el8_6.aarch64.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-host-6.0.5-1.el8_6.aarch64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-templates-6.0-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.aarch64.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.aarch64.rpm s390x: aspnetcore-runtime-6.0-6.0.5-1.el8_6.s390x.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-6.0.105-1.el8_6.s390x.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-host-6.0.5-1.el8_6.s390x.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-templates-6.0-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.s390x.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.s390x.rpm x86_64: aspnetcore-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-6.0.105-1.el8_6.x86_64.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-host-6.0.5-1.el8_6.x86_64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-templates-6.0-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.x86_64.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.aarch64.rpm s390x: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.s390x.rpm x86_64: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2btzjgjWX9erEAQiO/Q/9EDfVGLJ6E75Os4iZ84mphnHDYdEh7t6m aUdv9ACW973+ze8QtvxWRlJTQrSyIbhhVvgYY3MCnRChYPCDRrMf2Fq8siGJEiva 3ybp+Lt/YgxnGy+klrQeB6htaSj+NsvUhcHOxcqwXCOerwNW9DblD/TqrD9Fg7DS IveSztgA/2uZKgj2TAcgy6SFC6QlybVcQhv/DyGk7nZlI/Y1HX7bHdAJcR+1cXVc ox6p2UyV9K+a9HoVcSNIKymxyBoSFiPzZvuNu19lKSIUShwfI90wJhj2x0FxXvkf nmG8SvTSA2agiqZKVbSH/p9obtsPXcVue7lHBfUWXhqG61Su+ptt9SlsLjVN1si8 BMgJ3c2DbevzV8wdzndG1LAF1qZ/E0pgeN2NQ9ybqwQSeBTXRJmTIbZr8eG15SF/ wChv4kqoTEY/tKT6ESU0mhYP7O8aJoOsCWGNohMxCvb0Et1ovqxfXrZNEgZcS+LQ ea0gFbXutFeFugy3q6pwaViEgiJqnx26TbKEIiTAoohmPUX2spwxa6OvGWb2pRPN gtTbQI+ISCcMa7HOlXdboFQCuTSBrIe4c4z9/a8nYplapBrG8Ga8As5rZamo8YYD GZ+yyK1TqnhH2v7UEmOwrPFE6lgLGYBSljGz2Q/ldXVbcnkElEYZ3c8+cv/wX7QZ KwDrWHN07qA= =mTMH - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxIaskNZI30y1K9AQjBBQ/9GBkCcOjwJUr72rbzCAk7mRWHc8W9Fvl1 naAVHIwWGVfow70q0U50D4ONQ0VuKYVfEUb+7SCAT7QKsvbOH80O4JlZ8SQXrl3B VhkyGv/AUjOmh9ZRTdYtjAx0//smSGDR4CYSysy72+DnKqifSTPEzPlNiT4ea+3C d7zo0EXivt85UGUcGoHhb9Fsf9SseQGsMIzvoYewRZnqxWv0HW/xSxlOFPbLsmOn YvgS8Yih5F7oxmMBlGmhIL2EekBNSa3oSeSmmQc4BZERbhD20jUHpThdNxpeqqnC nUxHdog1Ih4urL/PXLvat6dNYSCIu+3u1T9JdKKlPcGjGekdMNzey+vjYXUTnWK2 /0yeY7JOJOcQsx/oPY6n38VP0/76eays+s31aR3TvYRfxqTtzGLfioFdFHAa+Vi1 7sI6ECtzcMwQo4H/uwog6bPC8NnHWs+SYVSWvTXY7bQGOmEmTOmemZmK26HxW+bF dEaG0psnia33rSV3IOHZ3fHnNlwEByf4Q/Ear4rXlp4fReH5/VQYjnwOaV768hB/ FOlUL8wB3zgGu35a7OApI6+XyzsuoB/itwoMtlqQx0gxeyPrZjBT3kzoMbWj58c6 bg2IlDwZRoQeMxtqRurAoQbvOSGiObmDcw6GSXg1XxCSyGIWvMdtPcY/jCPzs7PP NBwgLOGZ1S4= =9d1n -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2297 - [RedHat] rsync: CVSS (Max): 8.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2297 rsync security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rsync Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2018-25032 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2198 Comment: CVSS (Max): 8.2 CVE-2018-25032 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rsync security update Advisory ID: RHSA-2022:2198-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2198 Issue date: 2022-05-11 CVE Names: CVE-2018-25032 ===================================================================== 1. Summary: An update for rsync is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.4): Source: rsync-3.1.3-12.el8_4.1.src.rpm aarch64: rsync-3.1.3-12.el8_4.1.aarch64.rpm rsync-debuginfo-3.1.3-12.el8_4.1.aarch64.rpm rsync-debugsource-3.1.3-12.el8_4.1.aarch64.rpm noarch: rsync-daemon-3.1.3-12.el8_4.1.noarch.rpm ppc64le: rsync-3.1.3-12.el8_4.1.ppc64le.rpm rsync-debuginfo-3.1.3-12.el8_4.1.ppc64le.rpm rsync-debugsource-3.1.3-12.el8_4.1.ppc64le.rpm s390x: rsync-3.1.3-12.el8_4.1.s390x.rpm rsync-debuginfo-3.1.3-12.el8_4.1.s390x.rpm rsync-debugsource-3.1.3-12.el8_4.1.s390x.rpm x86_64: rsync-3.1.3-12.el8_4.1.x86_64.rpm rsync-debuginfo-3.1.3-12.el8_4.1.x86_64.rpm rsync-debugsource-3.1.3-12.el8_4.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2GNzjgjWX9erEAQgXBA/8C4sqhDQD8AYcMhZFpKJZo98oATR+q7Z1 sZIPpD7tvBkq0MRgQNwdFB4SxKf1BQ20Vm9Zc5u8JeJZot6dvvoLtLJ4+RpeZKg1 rPSY7euA9siBL4jbroram2pWF0vW98wCVmi9FJdX5k8n2YBfQyyxreTlDPDOKAMF HNNoRIBSZMQm33w29Qv36zKzhjMvweSa/P4RvbnaljST0aS88FAk7HkiPTSwsEZI 0G6s/Kp6+NmbTJTweBjVKq/hQn8dKTE4OhN4SMXxaJsxLW5SRTfgPjLmn/dk+sFn c9m262+IEj5ES3Af96FO31ih1j9TeByOu7bJxgY2OKg/44L4HpG13/asLmz/u7nF WBlKG4sKePjF1qtIr4+9zHhHFwUTMEVnngIMQV0rypgyhLKyHDNbxyKgJlTG2YR5 lf+sB3Alqa65NsbkT4D4XmjHdawmiNkEgaIc49W6XfLNZRXwPw72vpaJMEMo4Cb0 lN7RJFE5dyoctj5n/Yl1IeTwuLmKfhqMYp0Bp2JI9ZZFSawyiYA/PmI92Xzcz5WI FeekDdVF28sWB4aWZMJ+rg/lh8zQzlRyRNpJ4vhQWAVIZqEOfFtUstVAPbHLkpW0 C53qcqykWRntJEYEvupUt/fCbyANEmsvDFQD6YgEEJ/CrBDrMONmFdaovAYCnqq/ 8D6/sUF5jP0= =/GCf - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxISckNZI30y1K9AQg8EQ//VG6446ULTi0yVs/l2z5xVadWROxCqeRr wXdv2hgHdm4twZdLC4KNiLpDkUMbCLFTH+KiYh+7J/HIgpvpc9gtgqblbe/lQzkV C/fPcnz0ibwGkVI8KbEB2hYYEk3F+h1khkmmA+SfIITH1D7rxf6Q0W5cOhqhmQWW 0E823S2uAH1fVevaVX/h/Bb3uqwKDID0/oor2X/QJt6CHjr+KLfLOzmNIXM3TUVY 4LwTjhVTPKVDa24zRPKg4Yb15zvaodAtws3Cm/4tyb2gv5RtJlB+DLpkeWg9DxhS /J/lwYsbdvVps/XuaDjciIqb2uOONhj7XZShGphNaxV335iApvWrjbTn6S/DHUPP OjxmoOgSdFjz9pqU+h6DEvfPmCOsg64DhmvQUjNiPMhIwrnHMuPg9tm4NEZzGr6z IfQhulBrSuu6W+i91CGgHi59o5FVxaAvwh28/WwdvVwYgAcR0AIoBunqtWs1a1/q 3Xvjpfi2R2zB0DMcnvKLX0/gkVIE+vJNyy/vjadjcsEHBGUKYMWyGHXHvcIXve+p PGPZ9CsCGrYBbxtasFgTce4tIowPPh998ZIq91axAwAJVUxNKRtEqq/8uxRppYJx JQou4HyKHWsteFjNK/ehrJKXBsYGfTaxu7YSqlHnyW+OBhgbT1lSQAQe5r0NYpSU KeD3mAJRnes= =6VjP -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2296 - [RedHat] rsync: CVSS (Max): 8.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2296 rsync security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rsync Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2018-25032 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2197 Comment: CVSS (Max): 8.2 CVE-2018-25032 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rsync security update Advisory ID: RHSA-2022:2197-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2197 Issue date: 2022-05-11 CVE Names: CVE-2018-25032 ===================================================================== 1. Summary: An update for rsync is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 6. Package List: Red Hat Enterprise Linux BaseOS E4S (v. 8.1): Source: rsync-3.1.3-6.el8_1.1.src.rpm aarch64: rsync-3.1.3-6.el8_1.1.aarch64.rpm rsync-debuginfo-3.1.3-6.el8_1.1.aarch64.rpm rsync-debugsource-3.1.3-6.el8_1.1.aarch64.rpm noarch: rsync-daemon-3.1.3-6.el8_1.1.noarch.rpm ppc64le: rsync-3.1.3-6.el8_1.1.ppc64le.rpm rsync-debuginfo-3.1.3-6.el8_1.1.ppc64le.rpm rsync-debugsource-3.1.3-6.el8_1.1.ppc64le.rpm s390x: rsync-3.1.3-6.el8_1.1.s390x.rpm rsync-debuginfo-3.1.3-6.el8_1.1.s390x.rpm rsync-debugsource-3.1.3-6.el8_1.1.s390x.rpm x86_64: rsync-3.1.3-6.el8_1.1.x86_64.rpm rsync-debuginfo-3.1.3-6.el8_1.1.x86_64.rpm rsync-debugsource-3.1.3-6.el8_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw19dzjgjWX9erEAQiq+w//YUJEvnSSUG1jh+EplRlwXQhmFYxtQ//a 885yoz9+xqVBMFKRuA0BzbxyOEjHhcINGbxM+YoToQk8w2NSI3bmaYaVgMACrG5a tjQ4KkfbfBb+S20BbFfWhBIZdljOH/1sRfIOJYVgweyJgF1ucDqsghwk8eq/uU16 FEaOc3WA4sKvjPZdKBRy7fzrW39ODnIUzqwtCceT29Hewa+q+rS3PkuFqinK0UBo 1HD94FMF+s44FoGggcD4biu1pz3ROjPVbpykXvm7X3dQ2SPrSmIHYwGX4hLbO2DM /jWGg9KWhHnv7GG+ygttNsaxw91rzdQHcvtDrkWb8deCnhnw9qxkqwW5M/AEcIY2 kC8btY95+a7cErvhAX1u+VCHOVuBcAhBUg3Qtk9LBLo6doHXfrKBYay8kgTiu0rv Y4RvnU0wfZN3nKyTBSyUaUBjB+VRsi9okTh43XfPruUfmWtdIJ7R9XjO3iSfC/MN fG0FSsl4RLePNMMIyBXCn/+gydu8B+VmY4kPiu5HeaY+ieESPgoXK94sGyWHfKLz fslAzT/9vOLgJRiQepiey9cmJ5HDCDk9BstlWQwmhe8oWDmLMkWiHChuc/lClMpf HiWexWTphW1J79MkcYPSt6v+1FHjameF2nuHHKRFTk2QbptBLBe3UbUV8kg1atPJ 8kiir+JRyME= =o1J2 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxIOskNZI30y1K9AQip/BAAi1SAWC5FRNWD1XgqMn1wOZB7IXueddvP X1w7nXeNna7zyxLcXE5DbfMlLxCW9XA7m8xz8/kNCKZeiRxrH2cjb6jNT9Q+3Z9/ VmN2NtstaoBZdRZFHeppxNTerDqbpQaR2GyKtDxhZZvR/FsSsIaAJC4QN+DvKeF6 dZQ+EuKWtfcmBxoOSDiFA30F1QwhWExmzqMn5RzsurVRj6so9s2Tz+iYiEJbvYSa HeGZOAYTOIrhgK2+r620j33Iq+ojeZxr/NFwg5MH+OFW05r7mcS/bI8Os7TXjmkK w5vVd7x+QAomi7LiYVkfXd6cGS7Y/oAdhlEkE0sQsGterp9zLozhTz5BNK6z5W1N zdodggHxIT9WE+1yrB8vxttJJV3YYnuZbnz8en0flE2u30Z5LPNK3r9s5zeuypoP qQFSCcmqfKEMu2b2JLdOdRKvzNziy29j5T2dcxxNUHK1M/NMBZGoEtz6U0PbVR1Z 4Ize4rZYV9lrK3ay81+9nXrnZjIeiPgmPyY8EVzuZsDKU4gKclC8SqjwFFDNO4IX NhqlwTDvcVL4O+O51vZ6J1LL/8XsYmoU+wjzGvOL9A1cbxeq6Zo6lvXrdPEBUh7F OaI7/7LzLBZXRLPy2y8Gy7ZUuTNz+vzi18MHdrF9RJwyrXkr7oq8v8mAE4DK27Wi jmBncq8vn3Q= =04CX -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2295 - [RedHat] .NET 5.0: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2295 .NET 5.0 on RHEL 7 security and bugfix update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET 5.0 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29145 CVE-2022-29117 CVE-2022-23267 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2196 Comment: CVSS (Max): 7.5 CVE-2022-29145 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 5.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2196-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2196 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ===================================================================== 1. Summary: An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet50-dotnet-5.0.214-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.214-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet50-dotnet-5.0.214-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.214-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet50-dotnet-5.0.214-1.el7_9.src.rpm x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.17-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.214-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.214-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2YNzjgjWX9erEAQjnKw/+JKVVw/lPCVmNc3PInnIvxrqA3Agao/nW TjOOqmpcQ4v0oQcEZhaXzmCLj7q1etnykHOhLMtO2FYaVIKI+wV9KwCub2ZAsVil IVIyab9QgMvQKtX6MijnYovPz4F2Nuhg7XzVwu7XkVdT5HzsxZRSCgwop61LYhM3 /T1okpi2EoVxv1jsslxy7Ir91XXr4qJKSuX9ogD4h9us10VoFEleUCVTgghW7azx YecvnzGBGuDG68pWUd/Sh0g2QUisQvFxH7b5g2XlUdvD8FOTKa0ktI3T0G93xC16 aYnoz5CPv6AkRaQf6wxEzcdNnr6Sy8MlZwQHTHutUUeTEKwvpWXBzYdEFHwAS49p vdIhQx5ryYSHtc3AU8Lq9m3+0ZNKXQ2gn9RcgpUUwKhRYAx3aMURfrtPogFAGyy7 MXjYO7wvGF6l8NfMb2cq66St4QT+Io8jB5W9D0or691kADyyE4kbytQnChjgFv+K 72v0rLruwie097nHZbhDjH1gROrfNfzAjvgNZALMiA4tGWg6XGCtf5udZJo71vAb CYe5u7Yem3AnE2MQ12vA1/hDbSIfDccNYNVXcOy6DoSyYFe60yVaaWwi4mKFc7bZ 3VaDWe6i57KFf1SRDPLlDm2zpccQOskBOKz2FGH1VHf2Gyv8tmLwBwwt+FMYl4kU lkBj6YcyB1E= =b0at - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxIJckNZI30y1K9AQiEMRAAqqbamlwZyA52A5dJNhC/uIGacdMSsFsO u2DpHzSRbJGc5chTOU4Vb9g1boP5XLWFEv30NOEJw/blf/NrHzQDqkWQIp4gqJQe R4Y3jxlJrI4ba4U8lkRbTOvfXuOkrMkPbpaMZh7ImCT8VhDYMO6lO/GP0W/awcP1 p7TxRlvzWeibCI5Ug3FGzwQI3qiZCMzwhVXkeoQ0zGHJCh79PTnQ889bVkOplkAJ 5g9Cfgo+knuEarvnbSs/GxSsaGUVlJHnIGXDYat18066xGavF/lb3OM75xPKuDJE xA7Z+5jgHLnQaUh3YqtUAiycmTAghV1nDtTgtlopQrLX6SkaNiUrjfEEb0wFkmtA fOa7JhE5OPaqRMprrAbGqv/UTau7oVMiiKNV47yV+0H3tUb0ZiRu2L4byuPsCX/q dqNED0br7yigN4YRt9cDMad6esnbBYR5su9H5zXb5U1LrPgwaWhC4201q7+alxQY 2qGV04Id6dClFOcya/LdEOyINUuW8uHrf+Hqc3qJWgG0aCvJd6EGBDrx6iweVZZT o6DZF0Gu4glF0h1A5OlD1z9nG+Z2M0X0KU6xF/l6W1b3OBsJjhv1KEFH7XiQqxLS FNGIkDzmv/fjWebX8nVO7SAOn5a/vydqhur4UGikqIiKSFsNspxqLy4vCZVGLwk4 p3VgU9EArTE= =ixHN -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2294 - [RedHat] .NET 6.0: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2294 .NET 6.0 on RHEL 7 security and bugfix update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET 6.0 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29145 CVE-2022-29117 CVE-2022-23267 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2195 Comment: CVSS (Max): 7.5 CVE-2022-29145 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2195-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ===================================================================== 1. Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2ZtzjgjWX9erEAQhfsA//XM/8Ih5T9J+ql5cd6IgYWbT1UOM8KE17 4abvuRvxBqSfJyACbCEbRNm+GZzqWF6SHYamS3lAfs5Gt/SmIcEtyWZTaEkiZtbi sIsJ2Hd802Sm8K1gcU0MFOMhT5zwI3ogteixbvzkN6y5NxHitkVTUZqOIjvpcNzn Mc0bfAgeIzODP6F5hfneYantgPhQC3j5eWDcRBOrvxD2cRDnQ6CzL37wUsdSd+TA f8b7Ck2lg9poj+v/4L/HVLZJi47HM3C3ouqJClTx3kL89ktEZkhavcLua4wX8aY5 n1MPCnMe9OrPwfzAzyCrZqKezAutuu3QfXaWy37RW4M4Tza1dfP/4eJ2fBH19JcB 3iUmFmQmR36WFLBMCrUzLNH8FsBXzp1MLiiKuRgV/MXa+M2ZwMeqTFQuAsAA8lTE 0Qeoyf7JmWP/iDcODWKU/+eApCsRKBnmB952x3UroOq0H57m1RPJKZRlwwqy1S2a Tc2xXDB/w6SaORozEXlGnyrzHBIM7FdHkNS4zdWSNH4GRkO3bbwsi2CPgzIkXvyZ j1Q4NEtntVC3FmkKHUoSw3XRmBNrBNAD3JRKWYXEmN1JAfXSAsrbOqlj9sCE/nTJ rDNXwYArh73UwTMfU2+JL/2XE1mgV+LWBtAMsoBGHAg31HdXQQOe1UoJEaKjX7p3 zq2nVL/qVmM= =le1K - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxIE8kNZI30y1K9AQhaNRAAj3FummySaZ/0GsSYUvRPwuayCep8+D3f Hculrhc5HaLK5UVSuwt+umjU1r9BI9k9JgiGywvwTVyIE3iZswlc3pwC8vitRW/4 c95+40W23+sE7VIBa2fSOJ7TBuZoCBclzOANJdqfZ6DkqkLXinfiKdsEWaALbfde RGdLE8vHNB9L6TAQ4qYNVG1pkuxeej2AjtUykpUjn53Xl6oZjNMvaoJvu4qfZL5x YWLTkvNrBfOQ1HFV1G+XAHhfc0ARqKPpCadZpMSIBtE1P4INnZTn7u4Q0WQU6ov6 JNJWPyvm6XEXTbBEhkVVTEPWdnDitq7SnBLOFZm0OIHB66a9TcbXu+Ad8N7aefuk WG5lqSTvS7NfIbYk9HA3SOt/5/lm6yVqGmYxQmkbCwnpiRVRyuJiYtqmp9AxDSbO wedxwYWCuuVa2NB7JIINFXq8/TvqgMlPBWNSFnY31O9Mu8I19ZTDj1gxEKSodxl4 5wRVwxJjn8Nn/ZA9GQyAZe/VjywPlj1FVCccsDytFT0uPn3ukN29QCT0sQgV/5yo brAf7NQYcwWy5B/xMmcBACV4RxozFKi86qSxNyJnrIfCnwYmMkfKA4VSIw+bLToo bujzM2+QZ2NEhq2qG2Hh37/6vSOyE/MmDE1j87QyGlkQw+0QrHbb1rLyFsSYNUhk XpKhDbvy9I8= =Ms2c -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2293 - [RedHat] .NET Core 3.1: CVSS (Max): 7.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2293 .NET Core 3.1 on RHEL 7 security and bugfix update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: .NET Core 3.1 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-29145 CVE-2022-29117 CVE-2022-23267 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2194 Comment: CVSS (Max): 7.5 CVE-2022-29145 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2022:2194-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2194 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ===================================================================== 1. Summary: An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.419-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.419-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.419-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.419-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.419-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.25-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.419-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.419-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2KNzjgjWX9erEAQhTphAAjPBnbfSK/O0HPspxL7zVPyqXg9tnTIoj Z4UMUXV1j3x2rJwMGIwzcdhEwU0IpSo7JBSfXdNEUvR2wxwNrrKYjRr8ZeebOwmv gETbXBwAwTAMVg7WmyQHCB8HCKYMKquy4Y84BKFe+2YqIACvMSJAf09DYtLpT86X tSz+59jMPXkihnwSoIbTwHECfm+sJg+3WOzVhdpbDlPYnEQsk4WkJM0pUf3q6NEn LXpd68kcsqgb53oMycME2/AtQCbhBf+pdo6gU5ihr6SZi8AMivvyFf7q1Eni4Bta zFdhX5WqHGIwpo6UhZGfJY6ZFbF7HpmoavtH6UrI5ocEkkaCrCtuoycqRnFVSExX mrs8PntdybjfXd+OsWkVNI8WFsWzlLzv/WL9XcHZx2GFqQloUnguKNw5np85QLri eR89VDXxOdjx//q0l8nBQJHW/sA1R5ztjBLBDtkNe8fcSI0yG/wT3SupZ1ST6feH bOuIlRWtMH1kzmdh/PV7pBI273XGH6SCeRqM+Ipj0WYdmGpTuCw7WX86BVE7GzNK yQjk7JJStvjE47eoal7xqi9Bt3FNq0khDmisthuvpijuXcd4OzPT1lLVIhnvu1k8 nT9t6teLdcrIUANTvCVg7sxHmzPFRlfCQDUYIJBVY3tU7Eo/z6y1d/j0LSY3AqyE 5b8ffjCq9ps= =jVZ/ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxIBskNZI30y1K9AQjjIQ/+JilamcE1v4mlWALrkS0vrrGu+7HFGj28 /VMSlp66hbZn3T/6rPMFWxVFJDnTkEuS6QzPDkQldjDRSCjcO9LWIGXsVva9wiFM yk+vonNPTLCl5XzCHZa4dcgXSkP3pJ/P8XNDg2MBj4HM8DQrdqDyJAwRQP5EPcAi r05kpCrWixqHVt9W++1LqhSOgvSP5UhzBc8/QW0YK44OW6f/Stl2IhMg65U/DylY bmBi0e4YHUgbn9ji8DQYlO9DT5/L20rUXsae+/2NALpEjpwiGBhKomzOLyiWnOAf TLYF45vO+Y33lFzOjwPEdHR2NUMo+AEqFN7GYwO1NdKEkwW5tmkKnTSADhLqMBtJ AXdBxfz51GM6cNhIsLa0guUY9j4nkS8gymy03srrygpOfJnVUzkFL5QIZwSxGm9Y 1okX7HNNa6rA0eYNl8/CdSzmAUs39OhB8YAWCNoyP+dsi1WGJIkHn67CYCG+Flu1 YqFs8tI7XdtqtfgKHkPUHhXgPAiJxinQtC8QA23aAl1gH2o1urtMYOfF3NlIaS0X mz6P/RzqyB618KKTQz/jgWiv2iwQws/zSNRKy2eJY+zaFWwjker91Fajv2b+eGN/ hPjdaWR7HK7Ttw1SMMuXad4ov+tAQwk3v3zQSrJait5LK/U3ZWKQZrcKaz60qs8t 9gRmy/I48YI= =dSV4 -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2292 - [RedHat] rsync: CVSS (Max): 8.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2292 rsync security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rsync Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2018-25032 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2192 Comment: CVSS (Max): 8.2 CVE-2018-25032 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rsync security update Advisory ID: RHSA-2022:2192-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2192 Issue date: 2022-05-11 CVE Names: CVE-2018-25032 ===================================================================== 1. Summary: An update for rsync is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): * zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2067945 - CVE-2018-25032 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: rsync-3.1.3-7.el8_2.1.src.rpm aarch64: rsync-3.1.3-7.el8_2.1.aarch64.rpm rsync-debuginfo-3.1.3-7.el8_2.1.aarch64.rpm rsync-debugsource-3.1.3-7.el8_2.1.aarch64.rpm noarch: rsync-daemon-3.1.3-7.el8_2.1.noarch.rpm ppc64le: rsync-3.1.3-7.el8_2.1.ppc64le.rpm rsync-debuginfo-3.1.3-7.el8_2.1.ppc64le.rpm rsync-debugsource-3.1.3-7.el8_2.1.ppc64le.rpm s390x: rsync-3.1.3-7.el8_2.1.s390x.rpm rsync-debuginfo-3.1.3-7.el8_2.1.s390x.rpm rsync-debugsource-3.1.3-7.el8_2.1.s390x.rpm x86_64: rsync-3.1.3-7.el8_2.1.x86_64.rpm rsync-debuginfo-3.1.3-7.el8_2.1.x86_64.rpm rsync-debugsource-3.1.3-7.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw169zjgjWX9erEAQi4PQ//fQFCIJUmQsCjZThmW5zUh4iOHMLgJh8C m138R81Kk1ezYUO/WQBez+Hn2fXth7/hgTEXMQuUfm/LYbkxJ7DQu540hQoL7jz9 955Nq+kU5Q8XNuTWbzGBOUCKS4C0ELgBKQiCOGgkuW0GGYBPwbCxqTrkrQNasIdb 8WEvm6kwvJVs8V/0WtvCnO4rSyoSzYyPPgh/oqK0Z+vvUMd2Vhi6KIzgNouGBDGb 2fzDpFOTX6nHldEsjy2VzxTQjO9icP/gZgxGWrz3beIKD8S+aV1D76BhG9jYnCau G9093Xjzu3svrF4zRfXjAAbbtJRO6Auaw7Jn2zipfSRD99QMwQP2tbTcFP1GR7aa Tl68kMUK+DzI9BUAWFU9nt5u4Xw5LLzTL5UsQw5AEM7R4MEKeZbGQM8pXrLoqsPj qdWd5OULNRZCcyL0jNsDvBA/CJIu4+tPbDR6hIqfyy2rsJvB4MpnF4G/9SzP31ut mw4bO9zAvpJwxKQfDzusNxdmzr9fs2+V2Fzfh+4npSmFXFUN1koTjsBXIxZvjcpQ YnDZreBmJ+YQ9pFB6Q57HztPW1Kbs+CIm6E7bNL82hfeQ3nWNtUL3qmHeV03YEsW ygCB/DvnRhSuwSxhkD0hDl672o95LEMKgQt7J1rYGFAIvRW+Fr/0HoqJ3jBT8m6X ABdLup8HjeY= =Z+CX - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxH+ckNZI30y1K9AQhZbA/+M2JV7XloueVNo2IXUanPMaVeoV+o6392 A+qwa6wKzwRm4ZnfI+vmvcHy4N9rBk1V1Zoj+fN6MYGN8pKal/3nBzBRATkf09lW 6SGDuGzBINLybnfwAjDTr/DZZ1Y15uhZOO6MO/fPbe2CcilmAS/sFVAi2Zo63ggo /cxiB56cVj7iRIKUjhOrB7s1Nj24WhxwONoDk6hBdeizVm3YcENQs5EQxTUHM32W zm9U7hulAgKMnAYfOOD0aLhGVYs/GiXNWoniah60auL5f7Y4hf4pfMT20niWGpNu H7N3QubRHbltWLcUFoaYL1ONTEuMYRYM8prGdhMlzKMHVaa04iq1Kq0xL69flljf 2oaBv70VK5pzGb5wY0eajyxLyZ7C1gOrOXf5Ym6oc6hyBDNtp72QbHRPfUVeGHWu ws5ZXvVEdnrGMWDTj5Al4BWaiTlEdvy2xleIulHKWIGOywWyWrXxiAmJwq/JX7qG oY/vVeD3dOjQzTPI++/1l6VsZIZwCn8tfh+s1NpxfrMG8lyJW5hekLNuovcdWX1R RehpSSafPsMIlPo2Ie83k7sc2iixU3WGWzs0pDttcxGjGombAyOTqsJk+pie78HF n7FeVjx3/roCrndf9FkoG+XT2Coaz6vBrZy9SmcsfEFcIjIgsVEYzib2noBsZ+97 azLvOljdrTw= =OaFC -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2291 - [RedHat] gzip: CVSS (Max): 7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2291 gzip security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: gzip Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-1271 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2191 Comment: CVSS (Max): 7.1 CVE-2022-1271 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: gzip security update Advisory ID: RHSA-2022:2191-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2191 Issue date: 2022-05-11 CVE Names: CVE-2022-1271 ===================================================================== 1. Summary: An update for gzip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fix(es): * gzip: arbitrary-file-write vulnerability (CVE-2022-1271) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073310 - CVE-2022-1271 gzip: arbitrary-file-write vulnerability 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: gzip-1.5-11.el7_9.src.rpm ppc64: gzip-1.5-11.el7_9.ppc64.rpm gzip-debuginfo-1.5-11.el7_9.ppc64.rpm ppc64le: gzip-1.5-11.el7_9.ppc64le.rpm gzip-debuginfo-1.5-11.el7_9.ppc64le.rpm s390x: gzip-1.5-11.el7_9.s390x.rpm gzip-debuginfo-1.5-11.el7_9.s390x.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: gzip-1.5-11.el7_9.src.rpm x86_64: gzip-1.5-11.el7_9.x86_64.rpm gzip-debuginfo-1.5-11.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2EtzjgjWX9erEAQiLhg/9H2aZbZdZ9kxJ5xI/0CcYL4469A6+mi4R tKky9IcbxYKBvnX98AIGDCS5BP88T7avpHUK1+aIcbf09gX+RSuX8sDL97ysHeLy i3CMdPy8FjVYTpTzRgWrd7HRiSp+nzL/2nhBF2nOzehGsq28h3RPzUKKPpqkoKKs +0BVUNEikff0BWhfU0u2HNivaXNNACQSf0O9nzpWlFrmDW6XShQs1Nbg+G6L8q+f ydxFNVuaCWSvzeF9tkWkwy+D+c2FRQdKiZa1QMLf0itFfP38p1bL9GE84w7ZycAS d3MuYs1Z3wtptegJcHQXrH2K7ckQvUm+2blc4NSFYOUuBnmrzJLvsOv7hunKhxEg eX6CM/yBB5EFGayhjXlxj2oqUEjpgRv9zsTIny5o02OAbLB3OlDGgjjcJttGgV9R xsELTOeXxsc7IwyzuzXCRyUlobohj90i0UBUBZtIALauHO9lnFWV59E8YftyDFxK lmSTXs4b3kVUCY8UdcotySOdxp/IjKZcOPDDta3iPSdTKuv2RybZfNsp6TMRfEqD eZuZQUWW2HeprLYi6WNkNGSQdrYDx0G/fRk42A7Gy98Av4vA1oyPq7KacmVOPma6 vpaxsHTyDnPxrg6BPXZ/Fnt8fLfmBt7IzKCBK5e6wY0SbLknZorPvUPvl7sLUtEF FfoWAD978A8= =7VPS - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxH7MkNZI30y1K9AQj0hBAAob+ttaygYJZjmIDHkEHkCl2V7Soi0MiY ftwcuQu50LwrBRRTPKfZ4FKxA6GePFlKCIOolav7SMFuqbBj3cGVHHxJWFDY+1Rf U1T1shNRBzgPl8k5OXPKWJ/nnWtiM/6vr2ZHj+nM0AhBn+xe3RJAI1Q2jmDyrt8j y21/QHYLUZcc+LHmaWasq0jYRRwAKw4xhHEUSWhRh4tAk0/RS51ObhMsCxQNdz2b dPqtzlo2A6fFoRJS+ww3NYCQImji1P30SzQB+tMr/dkGOXoVR6yGDdhK+xlJ+sNa ivRI2uaMLZZHaXZ5rWXMKRtpm+IvZoB8srfsuiU/ImZ/QEOOLyDk24bHGL4zeDPP IvqGM9LI3k8goMSEhSNVOkE5tSRvSfPOZuYzwuH2SbDghxsZ6u5N7Fn1Fpu+Kefk EbCuKcWQ3ddGF60TFj6YRmCFk/DSkSQqfNaJxJnKHoRET8qsWBwt82vtKSjD+rV5 dNc54zNe7P0Y8fe9FVKV6Pv8CNUYhwYEHdxOPd/+dIKVuvnd6c8POwM5WBQ+Kkio 7ypOb0QiELCNTFpbYNArHXlOpikLC2MqXlN/GIlgOUR8/jDoKbKwDisTDpcvBNi+ K21iZBA6Y4widb0FFnwOGpo5NTaDUon6p7eAX6lWZazZJrM7Gu8agGiKFCc9SoJ3 6UtgTEic4hk= =qFlc -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2290 - [RedHat] podman: CVSS (Max): 8.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2290 podman security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: podman Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-1227 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2190 Comment: CVSS (Max): 8.0 CVE-2022-1227 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: podman security update Advisory ID: RHSA-2022:2190-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://access.redhat.com/errata/RHSA-2022:2190 Issue date: 2022-05-11 CVE Names: CVE-2022-1227 ===================================================================== 1. Summary: An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux 7 Extras - noarch, ppc64le, s390x, x86_64 3. Description: The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * psgo: Privilege escalation in 'podman top' (CVE-2022-1227) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2070368 - CVE-2022-1227 psgo: Privilege escalation in 'podman top' 6. Package List: Red Hat Enterprise Linux 7 Extras: Source: podman-1.6.4-32.el7_9.src.rpm noarch: podman-docker-1.6.4-32.el7_9.noarch.rpm ppc64le: podman-1.6.4-32.el7_9.ppc64le.rpm podman-debuginfo-1.6.4-32.el7_9.ppc64le.rpm s390x: podman-1.6.4-32.el7_9.s390x.rpm podman-debuginfo-1.6.4-32.el7_9.s390x.rpm x86_64: podman-1.6.4-32.el7_9.x86_64.rpm podman-debuginfo-1.6.4-32.el7_9.x86_64.rpm Red Hat Enterprise Linux 7 Extras: Source: podman-1.6.4-32.el7_9.src.rpm noarch: podman-docker-1.6.4-32.el7_9.noarch.rpm x86_64: podman-1.6.4-32.el7_9.x86_64.rpm podman-debuginfo-1.6.4-32.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1227 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2DNzjgjWX9erEAQiTZg//a3YoBqdp8tYzxsRYtg7yS1hNalQHmqnm mduXm+hpMva9ZU1lzFSKvVKKebapsSpVJt1Ek4AXnnlqj2srNCFWFGUldnDYPXtP cjPP5L8jRptRfpjXhDhbNHIqoP1koLMyq2SQ2V0kzv7nkDJNLHF+aqiTW9FNGsug RxQmsM0xdydLG+Zhs53kikfYFZB2k0gXCvOjKONdf8XOF0uw+UvNg47/W8Zq2Pjh 59gOd5idDFeBcs9VQi+ZUW8yS0V5rqTGEcfDELGy10yB72OzbUXwAnJAROecRZXE 4GYOMh/Lxk/d6sa5kV5JfrOQdwJsPFn3/P2sZUNCJs8fji73zKVmjCmh0rIjUgk6 KiABF6E6BzFIXb8BYXwHkqlTjjTwZa9cysCuEzp2UfF+kcyX9VvQRevfW66NxCvj 7lF+lhz5CF0WSHx46j+pPY6vXijwgKWv8ns5sf7bFL+QNlUk/P1ZEqptqxl7Ffla sRxyJ7GKvxzJr3ZvzSDITdRJp8w3/t1XAcjx48Olhu9Jq9qmI18nzqZDUdguPN3N DZ3b6RiMY80lHwuZAyRbukxrDzg/o8JQdpXj+rWYtJzZmXnxRmU1otgVe3I5gHvX z5In7WpmqvEAcIqSp9iKem+C48qDws1W+otsVQyo9DXdr0GCysXZWOZ/3Tf5jjdp RrowpA7c64s= =nKmr - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxH3skNZI30y1K9AQgD3g//VtC617Y6xdBnT4oV7mWrMOjuZFlIb7A8 8nJqIXyEWDsFCDoreap3UTNPONZylI/sxJVRsOmjdQL0PjssNcVeQmL9iVZMi/zp SzqqsbOIgS0twyMg6JJzwYsr7sBGJQGwqgifCFRfA8o2uFc8zNgCQqP6Vx90yjGZ JnWh4hdoBpOw5r8DfhfgzZ3/T90Tscp4LL9p46/zEnb1nwjIZPlaBzD1SxZwTQ2N gVQhfIjn/UM7mrAu3EVS53qHJ1HklgmH9OEpWHukN2wZurIM4AtGoaUs+Iq5CykK BiwLWZC1EntA5lTdn1TuZja7hpIK0xzoAAO2FMu0rhSH/S+oTgkEtSWwBHs04sgk mM+z44r+Y62f5ojPZ7+4/Vzh9uxtaJFBiLr1CH64qRw1hPByMs/bMlOpNAdfuYX1 VpURv94YLvC7nSMOkKwPmerQVZDHqFlKJDo+TBdUqsxzGioCQAcKKIru261G+zPh WV5IeI42MEUuYDJ4F/VtA4fQgMzy85/eNf3iUdqe83o+ara41N4hn/E0mydXY+RN pjsvrQI5LS96JQbuprzwSTlLJpZaRJko1n6Ssgyskoh31Yk62XUlyW+WuqawGVsy mcRLiCzQxtekvdx1j2HrdI8eQETpwWLPe/1gtSeOu6NO7Tkn+HsYfUaL2Y5rGLBP ukjetIUOrjI= =tYSJ -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2289 - [RedHat] kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2289 kernel security and bug fix update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-0492 CVE-2021-4028 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2186 Comment: CVSS (Max): 7.0 CVE-2022-0492 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2022:2186-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2186 Issue date: 2022-05-11 CVE Names: CVE-2021-4028 CVE-2022-0492 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Extend /sys/devices/system/cpu/smt/* interface to all architectures [7.6.z] (BZ#2060991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen() 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.6): Source: kernel-3.10.0-957.94.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.94.1.el7.noarch.rpm kernel-doc-3.10.0-957.94.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.94.1.el7.x86_64.rpm kernel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-headers-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.94.1.el7.x86_64.rpm perf-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kernel-3.10.0-957.94.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.94.1.el7.noarch.rpm kernel-doc-3.10.0-957.94.1.el7.noarch.rpm ppc64le: kernel-3.10.0-957.94.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debug-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.94.1.el7.ppc64le.rpm kernel-devel-3.10.0-957.94.1.el7.ppc64le.rpm kernel-headers-3.10.0-957.94.1.el7.ppc64le.rpm kernel-tools-3.10.0-957.94.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.94.1.el7.ppc64le.rpm perf-3.10.0-957.94.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm python-perf-3.10.0-957.94.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-headers-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.94.1.el7.x86_64.rpm perf-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.6): Source: kernel-3.10.0-957.94.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.94.1.el7.noarch.rpm kernel-doc-3.10.0-957.94.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.94.1.el7.x86_64.rpm kernel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-devel-3.10.0-957.94.1.el7.x86_64.rpm kernel-headers-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.94.1.el7.x86_64.rpm perf-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: kernel-debug-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.94.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.94.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.94.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.94.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2dNzjgjWX9erEAQjB1w/9EL/pU48+hw4VVVDQV+1MaFqLDgw8EtYN m+L+CV6T9P7OEoMfVO50kIMLSr0Twswu2V+43nouI7ALP40h9Fl1uv/lCWY1mlu7 QJVatG2BhI9BT1ANxJ7gcj1JVE59gllmEAowzOAtfMAw8p31u/Q0AEynJLC1d2pq 8l3aSUcRabPZcvOYltNEAUkGpmHIrn0DoIo6B0ZujolJkwhk6qXLeKb1uF+Pu2kN C56GUdwQ/R0TY3MeeyjV96oNWhxdxl52U89N4MlzwWajsTNK/9Wt2TsFtvQWM6Sh sgAAc8ihSHVEKk6PZDs9WmS7OBzDlxapNLcXfGOSuvDRPXkC4bVW0EKu4P8FClOE VrX0G8vftvqOnFmbH4qmbmhAw7Eikvk0QX2qXhzmrQPyE4V8rm4+lpm+T82qgJtD PQDQLTrk6wfZqb2p2iu+jVLg9bzZUQOdr+0VYpQX8F1dc+xJP6GiyDcNKoAMFMXO MAtVEaQoTbcjduo1xJ/2pDmZTd6Uzsrj4wLuuW3/fnySX3VXsnTrW11XDHCe1Ey+ Ooc9htuTxqBBfSLPlJhhYj4gGsilk0hnZ+zSpPAKZc5YB80P7MjshZQqfBgD/NZj ky4nH9vHI9ahKRfdt+C5JJhnVnD2nBUtjxB1LejVBZyM589lFMYfvaaK7Jy7LENd 1rpdS47XM1A= =kUcg - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxHzskNZI30y1K9AQhUjA/+KE+RPWZcTvtVr+ouDjFIGMIae/Q4rPqV BwYuikbLtJrODfk7Ovr6elnorETL2AKUSEXuSx9W8qtyqwnuYAoDHb28mgKzMCjC J6K4KoIif1iiuhLLC7VYliLwv4HxD3YfkBoZjAM/cBHDRQKS4WAu0frosKBuOq5w a1zSE5zYgVhNlXeeZpE6HNtoALhwIqKiwXJ3bpBH/l+NuHNyTw08M/LmE6MCN8NR GTjUzy/9WfQxRNfG/IIGXTC4MkXymLWL9QM2beeUnfdYHi5OTuf2fjbpmb+4jxtU mp0IaDpQ0FXG6siadWwfLwT8UlV2+hNTeBKp7l84eey35eQ3K/m3fn5p49ck/U3t COFAdnFarKUOu6BPK+f4Z3hqgxDZo3j5whAofRnMj1Hk0XCMnoYyni92JpJ6mTlU x7mJJ/qyF8fAafhnEyd8ne/HCi7eA+PngjJTaMwh0uOs5p699RwioZj7T3fswPSp ehH0kSBGW1/EtOyUOHkFCY8XIZmJrHgaTeXWpgMbL2N+FtVtqbxA97L11QJscKxi IopnFZm/RfbSiEl+lQ1uudHhb0t3n+yrxE8IWtTtuWlYhYVxSVH0F/PwxVGGjn3M 0E3cDjE7WqIRfJto2bnckJ7URaZnZi9MuTxAnDGZzuNyPawzyBCMDYQQngFVEJki MtGaRb64T98= =O1CK -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2288 - [Win][UNIX/Linux] Intel Processors: CVSS (Max): 4.9

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2288 IPU - Intel SGX Advisory 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Processors Publisher: Intel Operating System: Windows UNIX variants (UNIX, Linux, OSX) Resolution: Patch/Upgrade CVE Names: CVE-2022-0005 Original Bulletin: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html Comment: CVSS (Max): 4.9 CVE-2022-0005 (CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Source: Intel Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- Intel ID: INTEL-SA-00614 Advisory Category: Hardware Impact of vulnerability : Information Disclosure Severity rating : MEDIUM Original release: 05/10/2022 Last revised: 05/10/2022 Summary: A potential security vulnerability in the Intel Software Guard Extensions (SGX) Platform may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-0005 Description: Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. CVSS Base Score: 4.9 Medium CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |Product Family |Segment |Processor |Stepping |CPUID | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |6 ^th Generation Intel Core Processor Family |Mobile |06_4EH |3 |406E3 | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |1. Intel Xeon E processor family |1. Server Workstation Embedded |06_5EH |3 |506E3 | |2. 6th Generation Intel Core Processor Family |2. Mobile Desktop | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |3 ^rd Gen Intel Xeon Scalable processor family |Server |06_6AH |4, 5, 6 |606AX | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10 ^th Generation Intel Core Processor Family |Mobile |06_7EH |5 |706E5 | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |8 ^th Generation Intel Core Processor Family | | | | | | |Mobile |06_8EH |9 |806E9 | |7 ^th Generation Intel Core Processor Family | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |8 ^th Generation Intel Core Processor Family |Mobile |06_8EH |A |806EA | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |8 ^th Generation Intel Core Processors |Mobile |06_8EH |B |806EB | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |8 ^th Generation Intel Core Processors 10 ^th | | | | | |Generation Intel Core Processor Family |Mobile |06_8EH |C |806EC | |Intel Pentium Gold Processor Series | | | | | |Intel Celeron Processor 5000 Series | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |1, 2. 7 ^th Generation Intel Core Processor Family |1. Desktop Embedded | | | | |3. 8 ^th Generation Intel Core Processor Family |2. Mobile Embedded | | | | |3. Intel Pentium Processor Family |3. Mobile |06_9EH |9 |906E9 | |4. Intel Core X-series Processors |4. Desktop | | | | |5. Intel Xeon E processor family |5. Server Workstation Embedded | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |1. 8 ^th Generation Intel Core Processor Family |1. Mobile | | | | |2. Intel Xeon E processor family |2. Workstation AMT Server |06_9EH |A |906EA | |3. 8 ^th Generation Intel Core Processor Family |3,4. Desktop | | | | |4. 8 ^th Generation Intel Core Processor Family | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |8 ^th Generation Intel Core Processor Family Intel | | | | | |Pentium Gold Processor Series |Desktop |06_9EH |B |906EB | |Intel Celeron Processor G Series | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |9 ^th Generation Intel Core Processor Family |Desktop |06_9EH |C |906EC | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |1, 2. 9 ^th Generation Intel Core Processor Family |1. Mobile | | | | |3. Intel Xeon E processor family |2. Desktop |06_9EH |D |906ED | | |3. Workstation AMT Server | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10th Generation Intel Core Processor Family |Mobile |06_A5H |2 |A0652 | |Intel Xeon W processor family |Workstation | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10th Generation Intel Core Processor Family | | | | | |Intel Pentium Gold Processor Family |Desktop Workstation |06_A5H |3 |A0653 | |Intel Celeron Processor Family | | | | | |Intel Xeon W processor family | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10th Generation Intel Core Processor Family |Desktop Workstation |06_A5H |5 |A0655 | |Intel Xeon W processor family | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10th Generation Intel Core Processor Family |Mobile |06_A6H |1 |A0660 | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |10th Generation Intel Core Processor Family |Mobile Desktop |06_A6H |<=1 |A0661 | |Intel Xeon W processor family | | | | | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ |11th Generation Intel Core Processor Family |Desktop |06_A7H |1 |A0671 | +-----------------------------------------------------+-------------------------------------+---------------+------------+------------+ Recommendations: Intel recommends that users of affected Intel Processors update to the latest version firmware provided by the system manufacturer that addresses these issues. Intel has released microcode updates for the affected Intel Processors that are currently supported on the public github repository. Please see details below on access to the microcode: GitHub*: Public Github: https://github.com/intel/ Intel-Linux-Processor-Microcode-Data-Files This CVE requires a Microcode Security Version Number (SVN) update. To address this vulnerability, a SGX TCB recovery a SGX TCB-R is planned in Q2 2022. Refer to Intel SGX Attestation Technical Details for more information on the SGX TCB recovery process. Acknowledgements: The following issue was found internally by Intel employees. Intel would like to thank Ilya Alexandrovich for reporting this issue. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available. Revision History Revision Date Description 1.0 05/10/2022 Initial Release - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxHgMkNZI30y1K9AQhDvhAAm0PwCBYifOIn/vYj1VDA+owFlGrIXXnW G+EJQTqljV2Yyxc9EwjRUh8LSDaEGQDWqg/tsBgxcowGGj7iY3CrWmarXrMxWJVX UTvyicSZI870mDtOv9f5Oq8ujtX6YoIJ2Id2nsmh5FB1YPxmnmc+KX/LC3BqLrod 57LNO6Lnsy4exnqbMhvlNPIvZTiZu13QbsUjr250Sx1qD/UPBMpy82vhcSZ7MS7r IPqhfoS6tJdo7d3dOaM9tQzQBg61jrQuKqttflpzQWqCurimG+x6U/+htzMsmpK3 buaOfgOZWSJjuX+j4Xx2orHk/ZdgfCFEG0dLYcls24DKZK9MYBC8AxSona3bWkUg +n0eY/75J7mDql3Q3g/Hv3KJoX4WAg6kiV9la8nbu1CyyC7w6DCalKhW3ZaG1XdA RAO/4M/9pUQRoAuxpZ0elBpcjX747BSxkqvaiu9BX4MmvHnhSicI8QfbonL1pDfy ykfLtRJgZ9RuHKzChxhjkjm+cFjkHME7qF+e1cEIJAaxCTE4HdTXmuWKvswp3FJ9 6GNAmX0KWdTMkKEN2bcmTjmj/yy92UJpRTDrrgOL8GBrqGxaVodCZ54FvzKzoopl 88UG9uaomvXtZdNFGsdZw5m8vk3D4MXj69l3B97PbVx0hGVnI8a3vy1+qevuEl0x cN/4ZUTnmTc= =JV6Z -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2287 - [Win][UNIX/Linux] Intel Processors: CVSS (Max): 5.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2287 IPU - Intel Processor Advisory 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Processors Publisher: intel Operating System: Windows UNIX variants (UNIX, Linux, OSX) Resolution: Patch/Upgrade CVE Names: CVE-2022-21151 Original Bulletin: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html Comment: CVSS (Max): 5.3 CVE-2022-21151 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) CVSS Source: Intel Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- Intel ID: INTEL-SA-00617 Advisory Category: Firmware Impact of vulnerability : Information Disclosure Severity rating : MEDIUM Original release: 05/10/2022 Last revised: 05/10/2022 Summary: A potential security vulnerability in some Intel Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-21151 Description: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVSS Base Score: 5.3 Medium CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: +--------------------------------------------------+---------------+---------+-------------+ |Product Collection |Vertical |CPU ID |Platform ID | | |Segment | | | +--------------------------------------------------+---------------+---------+-------------+ |10th Generation Intel Core Processor Family |Mobile |706E5 |80 | +--------------------------------------------------+---------------+---------+-------------+ |Intel Pentium Processor Silver Series |Desktop | | | | | | | | |Intel Celeron Processor J Series |Mobile |706A1 |01 | | | | | | |Intel Celeron Processor N Series" | | | | +--------------------------------------------------+---------------+---------+-------------+ |8th Generation Intel Core Processor Family |Desktop |906EB |02 | +--------------------------------------------------+---------------+---------+-------------+ |8th Generation Intel Core Processors |Mobile |806EC |94 | +--------------------------------------------------+---------------+---------+-------------+ |10th Generation Intel Core Processor Family |Desktop |A0653 |22 | | | | | | | |Mobile |A0655 |02 | | | | | | | | |AO661 |80 | | | | | | | | |806EC |94 | +--------------------------------------------------+---------------+---------+-------------+ |6th Generation Intel Core Processor Family |Desktop |506E3 |36 | | | | | | | |Mobile |406E3 |C0 | +--------------------------------------------------+---------------+---------+-------------+ |7th Generation Intel Core Processor Family |Desktop |906E9 |2A | | | | | | | |Mobile |806E9 |C0 | +--------------------------------------------------+---------------+---------+-------------+ |9th Generation Intel Core Processor Family |Desktop |A0671 |02 | +--------------------------------------------------+---------------+---------+-------------+ |3rd Generation Intel Xeon Scalable Processors |Server |606AX |0x87 | +--------------------------------------------------+---------------+---------+-------------+ Recommendations: Intel recommends that users of affected Intel Processors update to the latest version firmware provided by the system manufacturer that addresses these issues. Intel has released microcode updates for the affected Intel Processors that are currently supported on the public github repository. Please see details below on access to the microcode: GitHub*: Public Github: https://github.com/intel/ Intel-Linux-Processor-Microcode-Data-Files This CVE requires a Microcode Security Version Number (SVN) update. To address this vulnerability, a SGX TCB recovery a SGX TCB-R is planned in Q2 2022. Refer to Intel SGX Attestation Technical Details for more information on the SGX TCB recovery process. Acknowledgements: This issue was found internally by Intel employees. Intel would like to thank Alysa Milburn, Jason Brandt, Avishai Redelman, Nir Lavi for reporting this issue. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available. Revision History Revision Date Description 1.0 05/10/2022 Initial Release - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnxHZ8kNZI30y1K9AQhScRAAqY78wNaG9WbOuASi76X84Ul9YmgZ+s4G xZTNj97IHU7SxjG1HxcBVoh/n3NIPGSIxQRrTEvLKRgHcuNG4yWI6AqaDO1SsejG uKJkiCIjKrAwU5TBNgwoO92e0DXx09bfTWWBbJeKm9QP7L9ohDVz1oattFOQpeKJ o1eaWtde84yG6m0golqRCjnKCtVWvOe5EW8ULkA8bzWbqPys/ATLA40HrISL7GXk aOqFPcMMCItx4LPygtxbFX5NT6RAbSQjQKq6Nxfu0eprBnFqs4IA0NpVbiHxZJeA aR4K6x3vfX1Q7rH5YCBf0Mvj1IWsuedh/P7CydnyGISbHr0U/SQW1z1TRM+xNgEn LS5yU3tKjHRFkINv9+46gsgR5BHBCfEOQr6GUhaIOd7y6LT3LQqmXB8TdL4PG8jc YkRJ491Xu/50Hdlx64S2Vh9DpWwFcVOR6YXl2HNF2QnoB3ATC1/yoxXbvmvl9AUF l8dVFqh6YGEHX3WyJReIGyNSE4slUNZhgnQWWROcjb3G/j+WsrOeD+fyuOpAycSt ZmophNMa/5F3VVbm7csII4mUNGNZ2uyJsCicaBN4jYZkt6ieKgMfS9nLSCrKBN+C wehor9vJTDrdJUC3n8Fsft6EBHYZZHah36l3eiSoMFw1JoBnSjvW3CLxqodPmoVL CxiNU9DgDXk= =vbtw -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2286 - [RedHat] kernel: CVSS (Max): 7.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2286 kernel security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-0492 CVE-2021-4083 CVE-2021-4028 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2189 Comment: CVSS (Max): 7.4 CVE-2021-4083 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2022:2189-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2189 Issue date: 2022-05-11 CVE Names: CVE-2021-4028 CVE-2021-4083 CVE-2022-0492 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen() 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: kernel-3.10.0-514.101.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.101.1.el7.noarch.rpm kernel-doc-3.10.0-514.101.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.101.1.el7.x86_64.rpm kernel-debug-3.10.0-514.101.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.101.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.101.1.el7.x86_64.rpm kernel-devel-3.10.0-514.101.1.el7.x86_64.rpm kernel-headers-3.10.0-514.101.1.el7.x86_64.rpm kernel-tools-3.10.0-514.101.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.101.1.el7.x86_64.rpm perf-3.10.0-514.101.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm python-perf-3.10.0-514.101.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.101.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.101.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.101.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/cve/CVE-2021-4083 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnvxsNzjgjWX9erEAQhaEg/8C1U0jgxb3hgPLUkhP6Dl7rcQywOALKWc 4KGkUpW9b+RBhzO4oApL13njUWVaFtOHe2XRW5+o/RUYzpZUNrfqwWGUHeu2OBJK y7cim7/f3fKjAb5uERFay3aHaTZZfuDkl55gQBfXRan1ISTKLxsEBBmdVPfx0Lj/ 3VsFjjXIXtXAl7QbhoB1xR8XtwEWJj00o4vR8DjLagdJlMLLozBaimBpU4X/ecEr B62infsNqNTYl+VFxJbDZchl/WOb47XSw3/bI0laWpiraXCaHWEUw923gpLuBwrW eh4yQCszqa4NvI1hHmNOfbry9yn8CBBd3qHWbZ9RnBgrPuiVo0/agS7SyIAy1L1H GgMKrEFIvnG+UL5s1p7f3rlKNnyEkih4TXBYwFMAc0dxuF5fdzNUuVZ5vih/JpZw V6zBsgwUFIG9n04/SX8ox6boCcHYkWoZRngEunCfhYh3NkM3uG+Pzu/xOqA50nU0 +E9aDV6yg55D0WiY3K76CxfbaAAYEANGtdAMON+0Fo7LbopAVsUK8Ia8YbODVJ5/ WW+5MsvKuM7gnyEYMrqIfVGV3LNLUBbCiFlJsl3bpqyKcJTTjt8FexilD2XqcuoY 4M0yiFJybO4gUevPD892r5cFoNtBjJTV83Dxa52MpqV7JNUc8cW+oX4jbG/b9Htn NO69ME6oAD8= =pKm6 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw/gMkNZI30y1K9AQgQZA/+IDtDW8TNMA7JSMRO/nNUhkzwaElOEmo9 9xZqsvZH7vdiNyuKlM8gt1Qt3J/l+GrkvfAxxUHvTRe5xEqRYhAfsFv/pLEA+PO0 vBWlwZ27IbX6iYhhQx4jwkvpNy7aMfSlYURLC4RZSOoTHHnf9N5d2UEIyDuosVv2 FVl+c2TR8MtOz+pkWXgURq9P6oWJMbxTT7lU8zTNmtGTXL0HuskEFNv21I5M7dQ4 pSvRJ894u4a9HVxrSWuhO2SqXQCToWYtsWJEJW9ZoJ6PgQiqfv+Ia4RwQyy35gZd msK+LybWR6XheWeFaRGCdhSqPgPFEuFnANCF4Lg/QtByUCS2i00ME2hgcc5Ljh9R Pz++6nvuu8upWEkapHO6N2TEu6Q5QikpScD7QWMoHL//rJ5bTkubsI0TWij+Bps0 RmfOHvjghtS1vEL491PAMP5YH5/j/iEKr6IS8Q2y/uac38lqStWZu4bXm3/wRaUa IJ3BfdVMV4dDQP72nUK0j7iLv0Y93TMD1f069sjY3vgA6vlxkRx6wJTXJQqPm/Ax kUMqvzo6vySAc+j5HXXjhB4vNVots0peB/RfZ6wFM3zfGE1Lg1JOhOUchdqHL1XF A+8O6Tooo6hWUBQyD1i8CaBaeascEBJJvZ8g6c27+UltaRjscr5io6UbaxwnQ0PF 2gDKG1pvDZI= =VwBy -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2285 - [RedHat] kernel: CVSS (Max): 7.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2285 kernel security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2021-4028 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2188 Comment: CVSS (Max): 7.0 CVE-2021-4028 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2022:2188-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2188 Issue date: 2022-05-11 CVE Names: CVE-2021-4028 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen() 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: kernel-3.10.0-693.100.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.100.1.el7.noarch.rpm kernel-doc-3.10.0-693.100.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.100.1.el7.x86_64.rpm kernel-debug-3.10.0-693.100.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.100.1.el7.x86_64.rpm kernel-devel-3.10.0-693.100.1.el7.x86_64.rpm kernel-headers-3.10.0-693.100.1.el7.x86_64.rpm kernel-tools-3.10.0-693.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.100.1.el7.x86_64.rpm perf-3.10.0-693.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm python-perf-3.10.0-693.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.100.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnvxv9zjgjWX9erEAQishg/6Axs+mtynl4e6ma6bWP+WheTW3eqTc0GS owMt7X6GYB0kKza0fcx5+J5iq+NwyJVPwdOn4DJFjqqvSCZFULcvFLDahmiUsMWd 6BoycZ/Fpc0oCMadMh9puYMaJBY0fRMcu56gUIL8Xun6t7DZaVh648J//R2Un1ff /towRDfY9EEGD2BWbJ/79mBabS8C752HoyOvtwc70dhXVDF3YGH4tV2jqpp11rH7 PZUAXtfXD0oJ76i1rYKrbq/m4uD0meN/tCgn+tF867fkGrZWrOm1qdSU7SBkt+kK 4h0Slr/6Bj4sFs3C9U1SRwGkUAK+3WXLcQDFhAlsxVcuFsdZk6Tk5DS769EkUfKn RrgtEwMHWDrmU4eJS+VjuuImgSbqZJl6BI+5LetM3qAJlvPSRwecVWcGScqhoVpg pX3tH0kAnH1+zAxAGqHczh4x1GCGKo0qLX/whIltvwnOml4q135N8i/fGCw4OTVb dcuaD6kELi+i4DIaoc7v6mSmTzOVwUB2wk5abbCApSeIN4y+Tkexkxsy7/XM6k05 GDvMICq0sEVRrPC+m6jq+J7vbENsIiAeMWHQP/atbW/FMQDeUCRqkQewUKjFhkhi HSYfHfW/X3yfvq3Mc7aoMAkZzo3XmKUpxS3x+Bx3WKoC2lkK8L9VT64az5/A0F76 eA4+w/hwpak= =+YMJ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw/W8kNZI30y1K9AQhxEg//Tbk3MyowlnL/I2JyVS4RsZPhebWb8DkX pQiyRoUf9JQDMgrQ6kLBegPzKTM5CACe3N1qvbKHRx0YkwJznyVxTjjdyGfvHiEh YIDjLPl7+G29qGXXAgbUwHUEut6a7LtbM0mIwXS2Fq/u6Un2wpgHo0lW78dU9yg2 CP5A0ACL2wr+jPAF/zRE73EdCJGSvGl639e88DnW6Jl3G76ihMwrgY+S7weEKJHG ks2jggLGbR7ojITj/ohdZ/ZdYh+Kl8v7y0xCHCfHL0mdDEN67Mqeu98KIoGzfsEu CGEza9Q9Q9pX/XrKsGdaAXrtg6ne4NnZmrtmriKeDauF3QT/z1gPc9ZB8uvtx5jt dIZkJgDXr4J9wMleJYYqnFPuhk9PlLjdEmpsj4Cua59avr/qyUZcUibDSSXXXl3Q PsXq1P4Pd3BrN3NemE2u4vY70OfT7tiPfHlg+kqJ3eNbakxPqNUWUkBLlrj+gemS 7xvIYbhOGXPFvMVs1261GhOFEFC/zD5t+oHJvpFSmjheWi5uBINc35zghDN5QDiI C1045J83oYsFB9MMRTYs8DkJHB0jdj9wwmoaN9L6Ey8Ju8s/kB7tW4YEZJdO/ZGu 2Cj02WWvgRUG44ApkttblNDsg6fe5GYW4a5fkyFgU5cS1/G3yBspOgQQLgmWKnmk Um4C01cmCX4= =02C/ -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2284 - [RedHat] containers for OSP 16.2.z director operator: CVSS (Max): 8.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2284 Release of containers for OSP 16.2.z director operator tech preview 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: containers for OSP 16.2.z director operator Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-1271 CVE-2022-1154 CVE-2021-32760 CVE-2021-29482 CVE-2020-15257 CVE-2019-19794 CVE-2019-11253 CVE-2018-25032 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2183 Comment: CVSS (Max): 8.8 CVE-2020-15257 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of containers for OSP 16.2.z director operator tech preview Advisory ID: RHSA-2022:2183-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:2183 Issue date: 2022-05-11 CVE Names: CVE-2018-25032 CVE-2019-11253 CVE-2019-19794 CVE-2020-15257 CVE-2021-29482 CVE-2021-32760 CVE-2022-1154 CVE-2022-1271 ===================================================================== 1. Summary: Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. 2. Description: Release osp-director-operator images Security Fix(es): * golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote (CVE-2019-11253) * golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794) * golang: containerd: unrestricted access to abstract Unix domain socket can lead to privileges (CVE-2020-15257) * golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 3. Solution: OSP 16.2 Release - OSP Director Operator Containers tech preview 4. Bugs fixed (https://bugzilla.redhat.com/): 1757701 - CVE-2019-11253 kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service 1786761 - CVE-2019-19794 golang-github-miekg-dns: predictable TXID can lead to response forgeries 1899487 - CVE-2020-15257 containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1982681 - CVE-2021-32760 containerd: pulling and extracting crafted container image may result in Unix file permission changes 2079447 - Rebase tech preview on latest upstream v1.2.x branch 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-11253 https://access.redhat.com/security/cve/CVE-2019-19794 https://access.redhat.com/security/cve/CVE-2020-15257 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-32760 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnvx49zjgjWX9erEAQifFg//TCQNGh/8hkZ1S3v71P6N+j3RHuuxNg3G 1vq4Per7WcfFjeyBw/LCFp+Ul8Qb7XgtAAY1L5FW4m6uUgrgqcd3RtGS1m5xbO9/ jyRo90kvUEfh1kIJXFVBf5OOI9r0BaYcxlmdAmL7nDZTTQJyjjSHKv0XN/4Ic7r7 +R6TtwDNy2RlcPY6pggctR6MuxxUqsgkVWcfHBABcdvMyF2XEmrPkC9tzQXx6BdP 8HpxlvD2J/MXthqAcKxqPEmszOV41JTwsi/SFdk+5aA5XLlFwrNHvCRyK0FANO0P sM1EdU1ZnUK/Jo0G2xmMG+aExLC1IPaAQ0yA0LvBoV0Wh0oh3pJDB+8BVjnCJk3o AwdcNb+FOUaI4ZHlJ0wMQki97HyBazTG3NMVCfvko8/LCgkBA8ROQRSxOOjxhG0J T5uO0QYi16wWUQMmBj9S2LW0IX/iTpI4POTlVXD6b9PUR3WQ4bki4s1D61Ub7Uny /QCRDMAxQSZ4xFhfX+d3Q3V35C9Kyg3Bhce5KdDGmp1mVZRh1NmG46IW/1/GWfpv JljVcvbWH/4+rRF3fN7h2jAULRRziCeLin+noj1hqPTR+5DnNbGammKZjU8RafcA 4WbJO5kCqE4mjSfzPgyd26CxzES5vtlIpjYlglGfNwcCOc/oXshtARjrusOHfb1r uegJW1UHUAo= =ny/g - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw/Q8kNZI30y1K9AQjOPxAAi/XxpLnqN4LNNDKyBT5Vz7UHHGSPo/k9 lJ5YLpzBWL+0ruqdvXiJNdE/PzDjg3OBQ9VEcMpYJMBlXwMYGvsB0WTBRFEPm6W1 RqvVQTxuFbIfW4J9ATTv05VDQ/mly9ezGidwAhVmscgpl9PYcwv+bBcvr3ZD4T9C vP4cdbN1U/rQLwE84VOeSYFJtalG5rxi7zJVtW2BnwXRro3McOUz8Dgu0s0T923y IoarRAA7cWzpfXZRTbOuqXyBjLIypUtyFbQG7dds0Yaoa85KviaVavOCeeBuDbUj a41D5JEMxxOqQ9u0xJBTZt4b0mGf4fSd7t66gi4TvhudPjsMX1i2svs5LrL+TADO sDNyjUmS86M9j0/t+OCMDtOmopdZlI5quD320/SGPwfBzhTfXSYMfwfEQ50myD+z +T56oW/o3Vix4QulwDa9ND3OAzhlIFmkH4u+zQ3CKLHLzERLhSrLzCsXEkywVB2W q3BwHP2d7cPfKp+yo13P+XQIfICRP/ACy7Xz3zJh77OGSfUb2Xm6bemM6OmxnpZv Xzj/xXKs/wai8XJWXagbhP+HGEmV1T5rQ4U+ZmbP9ZokyA7VV86zNEqOJnTUYicC jxkVZBOQ72/b4Cdp/Q2N+VJ1wJcqZxZSK5SucqeaouV/cMkUcktkLvQxK6yB44Xz m1l60xc0f5Y= =XNsZ -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2283 - [RedHat] virt:av and virt-devel:av: CVSS (Max): 4.8

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2283 virt:av and virt-devel:av security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: virt:av and virt-devel:av Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-0485 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2181 Comment: CVSS (Max): 4.8 CVE-2022-0485 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: virt:av and virt-devel:av security update Advisory ID: RHSA-2022:2181-01 Product: Advanced Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:2181 Issue date: 2022-05-11 CVE Names: CVE-2022-0485 ===================================================================== 1. Summary: An update for the virt:av and virt-devel:av modules is now available for Advanced Virtualization for RHEL 8.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Advanced Virtualization CodeReady Builder for RHEL 8.6.0 - aarch64, ppc64le, s390x, x86_64 Advanced Virtualization for RHEL 8.6.0 - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2050324 - CVE-2022-0485 libnbd: nbdcopy: missing error handling may create corrupted destination image 6. Package List: Advanced Virtualization for RHEL 8.6.0: Source: SLOF-20210217-1.module+el8.6.0+12721+8d053ff2.src.rpm hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.src.rpm libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.src.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.src.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.src.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.src.rpm libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.src.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.src.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.src.rpm libvirt-python-8.0.0-1.module+el8.6.0+13896+a8fa8f67.src.rpm nbdkit-1.24.0-4.module+el8.6.0+14167+61b0e671.src.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.src.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.src.rpm qemu-kvm-6.2.0-11.module+el8.6.0+14712+f96656d3.src.rpm seabios-1.15.0-1.module+el8.6.0+13879+1439f356.src.rpm sgabios-0.20170427git-3.module+el8.4.0+8855+a9e237a9.src.rpm supermin-5.2.1-1.module+el8.6.0+12721+8d053ff2.src.rpm swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.src.rpm virt-v2v-1.42.0-18.module+el8.6.0+13879+1439f356.src.rpm aarch64: hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm hivex-debugsource-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-appliance-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-debugsource-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-gfs2-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-gobject-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-gobject-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-gobject-devel-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-java-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-java-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-java-devel-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-rescue-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-rsync-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-tools-c-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-tools-c-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.aarch64.rpm libguestfs-xfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libiscsi-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libiscsi-debugsource-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libiscsi-devel-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libiscsi-utils-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libiscsi-utils-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.aarch64.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm libnbd-debugsource-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.aarch64.rpm libtpms-debuginfo-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.aarch64.rpm libtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.aarch64.rpm libtpms-devel-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.aarch64.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-client-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-client-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-config-network-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-config-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-interface-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-interface-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-network-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-network-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-nodedev-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-nodedev-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-qemu-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-qemu-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-secret-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-secret-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-core-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-core-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-disk-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-gluster-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-logical-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-daemon-kvm-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.aarch64.rpm libvirt-dbus-debuginfo-1.3.0-2.module+el8.6.0+12721+8d053ff2.aarch64.rpm libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+12721+8d053ff2.aarch64.rpm libvirt-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-debugsource-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-devel-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-docs-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-libs-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-libs-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-lock-sanlock-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-lock-sanlock-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-nss-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-nss-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-python-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm libvirt-wireshark-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm libvirt-wireshark-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.aarch64.rpm lua-guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm lua-guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm nbdfuse-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdfuse-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-basic-filters-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-basic-filters-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-basic-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-basic-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-curl-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-curl-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-debugsource-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-devel-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-example-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-example-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-gzip-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-gzip-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-gzip-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-linuxdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-linuxdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-nbd-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-nbd-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-python-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-python-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-server-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-server-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-ssh-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-ssh-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tar-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tar-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tar-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tar-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tmpdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-tmpdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-xz-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm nbdkit-xz-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.aarch64.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm netcf-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm netcf-debugsource-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm netcf-devel-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm netcf-libs-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm netcf-libs-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.aarch64.rpm perl-Sys-Guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm perl-Sys-Guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm perl-Sys-Virt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm perl-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm perl-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm python3-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm python3-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm python3-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm python3-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm python3-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm python3-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm python3-libvirt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm python3-libvirt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.aarch64.rpm qemu-guest-agent-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-guest-agent-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-img-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-img-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-curl-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-curl-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-iscsi-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-iscsi-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-rbd-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-rbd-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-ssh-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-block-ssh-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-common-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-common-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-core-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-core-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-debugsource-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm qemu-kvm-docs-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm ruby-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm ruby-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm ruby-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm ruby-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm supermin-5.2.1-1.module+el8.6.0+12721+8d053ff2.aarch64.rpm supermin-debuginfo-5.2.1-1.module+el8.6.0+12721+8d053ff2.aarch64.rpm supermin-debugsource-5.2.1-1.module+el8.6.0+12721+8d053ff2.aarch64.rpm supermin-devel-5.2.1-1.module+el8.6.0+12721+8d053ff2.aarch64.rpm swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-debugsource-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-devel-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-libs-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-libs-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-tools-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm swtpm-tools-pkcs11-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.aarch64.rpm virt-dib-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm virt-dib-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm noarch: SLOF-20210217-1.module+el8.6.0+12721+8d053ff2.noarch.rpm libguestfs-bash-completion-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libguestfs-inspect-icons-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libguestfs-javadoc-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libguestfs-man-pages-ja-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libguestfs-man-pages-uk-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libguestfs-tools-1.44.0-5.module+el8.6.0+13879+1439f356.noarch.rpm libnbd-bash-completion-1.6.0-5.module+el8.6.0+14167+61b0e671.noarch.rpm nbdkit-bash-completion-1.24.0-4.module+el8.6.0+14167+61b0e671.noarch.rpm seabios-bin-1.15.0-1.module+el8.6.0+13879+1439f356.noarch.rpm seavgabios-bin-1.15.0-1.module+el8.6.0+13879+1439f356.noarch.rpm sgabios-bin-0.20170427git-3.module+el8.4.0+8855+a9e237a9.noarch.rpm virt-v2v-bash-completion-1.42.0-18.module+el8.6.0+13879+1439f356.noarch.rpm virt-v2v-man-pages-ja-1.42.0-18.module+el8.6.0+13879+1439f356.noarch.rpm virt-v2v-man-pages-uk-1.42.0-18.module+el8.6.0+13879+1439f356.noarch.rpm ppc64le: hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm hivex-debugsource-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-appliance-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-debugsource-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-gfs2-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-gobject-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-gobject-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-gobject-devel-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-java-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-java-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-java-devel-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-rescue-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-rsync-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-tools-c-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-tools-c-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.ppc64le.rpm libguestfs-xfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libiscsi-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libiscsi-debugsource-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libiscsi-devel-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libiscsi-utils-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libiscsi-utils-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.ppc64le.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm libnbd-debugsource-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.ppc64le.rpm libtpms-debuginfo-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.ppc64le.rpm libtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.ppc64le.rpm libtpms-devel-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.ppc64le.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-client-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-client-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-config-network-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-config-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-interface-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-interface-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-network-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-network-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-nodedev-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-nodedev-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-qemu-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-qemu-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-secret-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-secret-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-core-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-core-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-disk-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-gluster-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-logical-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-mpath-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-rbd-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-scsi-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-daemon-kvm-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.ppc64le.rpm libvirt-dbus-debuginfo-1.3.0-2.module+el8.6.0+12721+8d053ff2.ppc64le.rpm libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+12721+8d053ff2.ppc64le.rpm libvirt-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-debugsource-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-devel-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-docs-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-libs-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-libs-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-lock-sanlock-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-lock-sanlock-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-nss-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-nss-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-python-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm libvirt-wireshark-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm libvirt-wireshark-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.ppc64le.rpm lua-guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm lua-guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm nbdfuse-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdfuse-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-basic-filters-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-basic-filters-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-basic-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-basic-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-curl-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-curl-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-debugsource-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-devel-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-example-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-example-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-gzip-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-gzip-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-gzip-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-linuxdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-linuxdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-nbd-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-nbd-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-python-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-python-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-server-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-server-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-ssh-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-ssh-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tar-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tar-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tar-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tar-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tmpdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-tmpdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-xz-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm nbdkit-xz-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.ppc64le.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm netcf-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm netcf-debugsource-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm netcf-devel-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm netcf-libs-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm netcf-libs-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.ppc64le.rpm perl-Sys-Guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm perl-Sys-Guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm perl-Sys-Virt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm perl-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm perl-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm python3-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm python3-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm python3-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm python3-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm python3-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm python3-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm python3-libvirt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm python3-libvirt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.ppc64le.rpm qemu-guest-agent-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-guest-agent-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-img-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-img-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-curl-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-curl-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-iscsi-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-iscsi-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-rbd-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-rbd-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-ssh-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-block-ssh-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-common-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-common-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-core-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-core-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-debugsource-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm qemu-kvm-docs-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm ruby-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm ruby-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm ruby-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm ruby-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm supermin-5.2.1-1.module+el8.6.0+12721+8d053ff2.ppc64le.rpm supermin-debuginfo-5.2.1-1.module+el8.6.0+12721+8d053ff2.ppc64le.rpm supermin-debugsource-5.2.1-1.module+el8.6.0+12721+8d053ff2.ppc64le.rpm supermin-devel-5.2.1-1.module+el8.6.0+12721+8d053ff2.ppc64le.rpm swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-debugsource-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-devel-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-libs-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-libs-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-tools-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm swtpm-tools-pkcs11-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.ppc64le.rpm virt-dib-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm virt-dib-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm s390x: hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm hivex-debugsource-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-appliance-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-debugsource-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-gfs2-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-gobject-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-gobject-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-gobject-devel-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-java-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-java-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-java-devel-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-rescue-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-rsync-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-tools-c-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-tools-c-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.s390x.rpm libguestfs-xfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libiscsi-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libiscsi-debugsource-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libiscsi-devel-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libiscsi-utils-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libiscsi-utils-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.s390x.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm libnbd-debugsource-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.s390x.rpm libtpms-debuginfo-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.s390x.rpm libtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.s390x.rpm libtpms-devel-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.s390x.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-client-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-client-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-config-network-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-config-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-interface-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-interface-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-network-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-network-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-nodedev-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-nodedev-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-qemu-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-qemu-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-secret-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-secret-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-core-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-core-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-disk-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-gluster-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-logical-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-mpath-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-rbd-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-scsi-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-daemon-kvm-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.s390x.rpm libvirt-dbus-debuginfo-1.3.0-2.module+el8.6.0+12721+8d053ff2.s390x.rpm libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+12721+8d053ff2.s390x.rpm libvirt-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-debugsource-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-devel-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-docs-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-libs-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-libs-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-lock-sanlock-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-lock-sanlock-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-nss-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-nss-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-python-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm libvirt-wireshark-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm libvirt-wireshark-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.s390x.rpm lua-guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm lua-guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm nbdfuse-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm nbdfuse-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-basic-filters-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-basic-filters-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-basic-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-basic-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-curl-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-curl-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-debugsource-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-devel-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-example-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-example-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-gzip-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-gzip-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-gzip-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-linuxdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-linuxdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-nbd-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-nbd-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-python-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-python-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-server-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-server-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-ssh-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-ssh-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tar-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tar-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tar-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tar-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tmpdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-tmpdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-xz-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm nbdkit-xz-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.s390x.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm netcf-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm netcf-debugsource-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm netcf-devel-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm netcf-libs-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm netcf-libs-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.s390x.rpm perl-Sys-Guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm perl-Sys-Guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm perl-Sys-Virt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm perl-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm perl-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm python3-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm python3-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm python3-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm python3-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm python3-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm python3-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm python3-libvirt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm python3-libvirt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.s390x.rpm qemu-guest-agent-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-guest-agent-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-img-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-img-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-curl-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-curl-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-iscsi-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-iscsi-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-rbd-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-rbd-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-ssh-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-block-ssh-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-common-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-common-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-core-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-core-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-debugsource-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm qemu-kvm-docs-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm ruby-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm ruby-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm ruby-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm ruby-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm supermin-5.2.1-1.module+el8.6.0+12721+8d053ff2.s390x.rpm supermin-debuginfo-5.2.1-1.module+el8.6.0+12721+8d053ff2.s390x.rpm supermin-debugsource-5.2.1-1.module+el8.6.0+12721+8d053ff2.s390x.rpm supermin-devel-5.2.1-1.module+el8.6.0+12721+8d053ff2.s390x.rpm swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-debugsource-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-devel-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-libs-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-libs-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-tools-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm swtpm-tools-pkcs11-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.s390x.rpm virt-dib-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm virt-dib-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm x86_64: hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm hivex-debugsource-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-appliance-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-debugsource-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-gfs2-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-gobject-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-gobject-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-gobject-devel-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-java-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-java-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-java-devel-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-rescue-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-rsync-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-tools-c-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-tools-c-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.x86_64.rpm libguestfs-xfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libiscsi-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libiscsi-debugsource-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libiscsi-devel-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libiscsi-utils-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libiscsi-utils-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.x86_64.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm libnbd-debugsource-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm libtpms-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.x86_64.rpm libtpms-debuginfo-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.x86_64.rpm libtpms-debugsource-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.x86_64.rpm libtpms-devel-0.9.1-0.20211126git1ff6fe1f43.module+el8.6.0+13879+1439f356.x86_64.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-client-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-client-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-config-network-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-config-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-interface-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-interface-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-network-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-network-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-nodedev-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-nodedev-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-qemu-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-qemu-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-secret-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-secret-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-core-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-core-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-disk-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-gluster-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-logical-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-mpath-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-rbd-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-scsi-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-daemon-kvm-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.x86_64.rpm libvirt-dbus-debuginfo-1.3.0-2.module+el8.6.0+12721+8d053ff2.x86_64.rpm libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+12721+8d053ff2.x86_64.rpm libvirt-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-debugsource-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-devel-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-docs-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-libs-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-libs-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-lock-sanlock-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-lock-sanlock-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-nss-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-nss-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-python-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm libvirt-wireshark-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm libvirt-wireshark-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.x86_64.rpm lua-guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm lua-guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm nbdfuse-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdfuse-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-basic-filters-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-basic-filters-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-basic-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-basic-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-curl-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-curl-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-debugsource-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-devel-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-example-plugins-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-example-plugins-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-gzip-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-gzip-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-gzip-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-gzip-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-linuxdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-linuxdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-nbd-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-nbd-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-python-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-python-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-server-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-server-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-ssh-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-ssh-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tar-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tar-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tar-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tar-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tmpdisk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-tmpdisk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-vddk-plugin-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-vddk-plugin-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-xz-filter-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm nbdkit-xz-filter-debuginfo-1.24.0-4.module+el8.6.0+14167+61b0e671.x86_64.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm netcf-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm netcf-debugsource-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm netcf-devel-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm netcf-libs-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm netcf-libs-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.x86_64.rpm perl-Sys-Guestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm perl-Sys-Guestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm perl-Sys-Virt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm perl-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm perl-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm python3-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm python3-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm python3-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm python3-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm python3-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm python3-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm python3-libvirt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm python3-libvirt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.x86_64.rpm qemu-guest-agent-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-guest-agent-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-img-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-img-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-curl-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-curl-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-gluster-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-gluster-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-iscsi-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-iscsi-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-rbd-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-rbd-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-ssh-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-block-ssh-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-common-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-common-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-core-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-core-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-debugsource-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-docs-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-hw-usbredir-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-hw-usbredir-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-ui-opengl-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-ui-opengl-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-ui-spice-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm qemu-kvm-ui-spice-debuginfo-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm ruby-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm ruby-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm ruby-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm ruby-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm seabios-1.15.0-1.module+el8.6.0+13879+1439f356.x86_64.rpm sgabios-0.20170427git-3.module+el8.4.0+8855+a9e237a9.x86_64.rpm supermin-5.2.1-1.module+el8.6.0+12721+8d053ff2.x86_64.rpm supermin-debuginfo-5.2.1-1.module+el8.6.0+12721+8d053ff2.x86_64.rpm supermin-debugsource-5.2.1-1.module+el8.6.0+12721+8d053ff2.x86_64.rpm supermin-devel-5.2.1-1.module+el8.6.0+12721+8d053ff2.x86_64.rpm swtpm-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-debugsource-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-devel-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-libs-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-libs-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-tools-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-tools-debuginfo-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm swtpm-tools-pkcs11-0.7.0-1.20211109gitb79fd91.module+el8.6.0+13879+1439f356.x86_64.rpm virt-dib-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm virt-dib-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm virt-v2v-1.42.0-18.module+el8.6.0+13879+1439f356.x86_64.rpm virt-v2v-debuginfo-1.42.0-18.module+el8.6.0+13879+1439f356.x86_64.rpm virt-v2v-debugsource-1.42.0-18.module+el8.6.0+13879+1439f356.x86_64.rpm Advanced Virtualization CodeReady Builder for RHEL 8.6.0: Source: SLOF-20210217-1.module+el8.6.0+12721+8d053ff2.src.rpm seabios-1.15.0-1.module+el8.6.0+13879+1439f356.src.rpm sgabios-0.20170427git-3.module+el8.4.0+8855+a9e237a9.src.rpm virt-v2v-1.42.0-18.module+el8.6.0+13879+1439f356.src.rpm aarch64: ocaml-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm ocaml-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm ocaml-hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.aarch64.rpm ocaml-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm ocaml-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm ocaml-libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.aarch64.rpm ocaml-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm ocaml-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm ocaml-libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.aarch64.rpm qemu-kvm-tests-6.2.0-11.module+el8.6.0+14712+f96656d3.aarch64.rpm ppc64le: ocaml-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm ocaml-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm ocaml-hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.ppc64le.rpm ocaml-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm ocaml-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm ocaml-libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.ppc64le.rpm ocaml-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm ocaml-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm ocaml-libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.ppc64le.rpm qemu-kvm-tests-6.2.0-11.module+el8.6.0+14712+f96656d3.ppc64le.rpm s390x: ocaml-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm ocaml-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm ocaml-hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.s390x.rpm ocaml-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm ocaml-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm ocaml-libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.s390x.rpm ocaml-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm ocaml-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm ocaml-libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.s390x.rpm qemu-kvm-tests-6.2.0-11.module+el8.6.0+14712+f96656d3.s390x.rpm x86_64: hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm hivex-debugsource-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm libguestfs-winsupport-8.6-1.module+el8.6.0+12721+8d053ff2.i686.rpm libiscsi-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libiscsi-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libiscsi-debugsource-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libiscsi-devel-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libiscsi-utils-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libiscsi-utils-debuginfo-1.18.0-8.module+el8.4.0+8855+a9e237a9.i686.rpm libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm libnbd-debugsource-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm libvirt-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-client-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-client-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-config-network-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-config-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-interface-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-interface-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-network-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-network-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-nodedev-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-nodedev-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-nwfilter-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-secret-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-secret-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-core-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-core-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-disk-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-iscsi-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-iscsi-direct-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-logical-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-mpath-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-scsi-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-dbus-1.3.0-2.module+el8.6.0+12721+8d053ff2.i686.rpm libvirt-dbus-debuginfo-1.3.0-2.module+el8.6.0+12721+8d053ff2.i686.rpm libvirt-dbus-debugsource-1.3.0-2.module+el8.6.0+12721+8d053ff2.i686.rpm libvirt-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-debugsource-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-devel-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-docs-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-libs-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-libs-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-nss-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-nss-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-python-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm libvirt-wireshark-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm libvirt-wireshark-debuginfo-8.0.0-5.module+el8.6.0+14495+7194fa43.i686.rpm nbdfuse-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm nbdfuse-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm netcf-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm netcf-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm netcf-debugsource-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm netcf-devel-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm netcf-libs-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm netcf-libs-debuginfo-0.2.8-12.module+el8.4.0+8855+a9e237a9.i686.rpm ocaml-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm ocaml-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm ocaml-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm ocaml-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm ocaml-hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm ocaml-hivex-devel-1.3.18-23.module+el8.6.0+12721+8d053ff2.x86_64.rpm ocaml-libguestfs-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm ocaml-libguestfs-debuginfo-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm ocaml-libguestfs-devel-1.44.0-5.module+el8.6.0+13879+1439f356.x86_64.rpm ocaml-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm ocaml-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm ocaml-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm ocaml-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm ocaml-libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm ocaml-libnbd-devel-1.6.0-5.module+el8.6.0+14167+61b0e671.x86_64.rpm perl-Sys-Virt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm perl-Sys-Virt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm perl-Sys-Virt-debugsource-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm perl-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm perl-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm python3-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm python3-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm python3-libnbd-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm python3-libnbd-debuginfo-1.6.0-5.module+el8.6.0+14167+61b0e671.i686.rpm python3-libvirt-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm python3-libvirt-debuginfo-8.0.0-1.module+el8.6.0+13896+a8fa8f67.i686.rpm qemu-kvm-tests-6.2.0-11.module+el8.6.0+14712+f96656d3.x86_64.rpm ruby-hivex-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm ruby-hivex-debuginfo-1.3.18-23.module+el8.6.0+12721+8d053ff2.i686.rpm sgabios-0.20170427git-3.module+el8.4.0+8855+a9e237a9.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0485 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnvx89zjgjWX9erEAQhOABAAmqcDzbURAKkYqUXhe9miHTqYRHKsH4CP MMsIvKXz9BEwaTSh+SuH+RetP9hWXLCZ2vqKibDB2ARf/LyC1BjQ9cZwf7KVlaqZ +KZ+B+47E5abP1c0PL+l2ZGmGwRFPgvMLrpFs/W0YtejjO2Y1gAiIi9XX+/wGn16 mrm9L5GWC6vGCH+IbiGWtjQC3SYLJPgUDu9mwYH5He0hxCW6NF6VSeg93fz88RTx U8A3HSrkXfDtPVoXGHvmIKoDVCPNEOo1ud4QKDAHfN2hacuu7NhUX9E781fDqEtp hmu81ABoUf/tpHLronFRfVaktd6u1GOjnByn4Vr+EaIgLPANKdckpygYWGUjyUdc EKCc/ruKVqxAGUzz3o6SJEVwvao7HRZ5LlOpQ/qWMRyK59HCzfAknpXYbAcIV+34 P1/61e4hikGWczxnRbqdUNCpS3VmjTNX8o/0OrwoRR+Env1bQ5nRwiY1qMQeHjRy QdCeByaIo3X22wHN/sRh0LToo5z2LktjKivdKj8gHLMFTG9Af4zQRDTc3H4rn7V8 4BTqTq9H7W8OB87APIH9oWR24N/ZlLKgsUxDDjiMM41VY2+/0ZJ42HPwknA0dPKe dq0GhFClQWiEbC/eAjjBBHSqxFlW7cGlZmkLc37exYm8fQhHyp2aqhZoHEOkRHWZ Fj9V52F9X5Y= =sZfA - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw/MckNZI30y1K9AQhcPRAAjTuMJvy0bsdc3CA8wqtA7UiMc2l7Cupm 3joYM1gRtFvnfUsnv+PX4wT33W+xADEBVkKb/AJd6JKnosg5B4U1gyu95sBnWYdT FZ28Er6MevmjHq+dLd61J5RqIoXwTTWHF/f8mC5+s0u8VjaY07b3gpVHUY8gzzZT mSMfW1/H1cxm1boPFfzEZl+V1BBq8pcHUe6VCieg98fSZ+5PewE3C1NC0o5t2sUu EezFkXswzcTxRH2y15RVzbh/YjOVYaPUDNrScSovJdLiS8FTVasOiyd3t5D0jaxJ QNG5LFJ4Kvk0n1i1hAwY9SmEjSCA9UryjeB/qUnsXG/cgPc18o8hHUv4nscYkKAh b+VqtdfJ8OewcMv3uXmgMa17iGdfyVZiWtbYq7zyRxcfMdaCFGZg0dFZUglOqZC6 inm/7b9brT5/tdkTMCGnBfTcmbPQ4UyJDiGte9WS6gRavqKhWhOZNI6WboHqLaY1 3X9aJonPz/diHKm99MUSGOfnMU2phWUhqJsSWzdUlMqgMzKYRae2ZgkJ1rhLA+wT j2OsDX3aUDIT1zlr5VdQuewvy+skiUG3QNM+cD5ULDnKs7j7BcH3+0LU7kmNq2JX Rh99/HguN2hNy64T2OZu6TRQcjS6qMhm/ojFoSCbyLkHtpuMfKOXEkP/KjATjxRH YDN6CJ6JnPw= =H9r4 -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2281.2 - UPDATE [RedHat] container-tools:3.0: CVSS (Max): 8.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2281.2 container-tools:3.0 security update 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: container-tools:3.0 Publisher: Red Hat Operating System: Red Hat Resolution: Patch/Upgrade CVE Names: CVE-2022-1227 Original Bulletin: https://access.redhat.com/errata/RHSA-2022:2143 Comment: CVSS (Max): 8.0 CVE-2022-1227 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) CVSS Source: Red Hat Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Revision History: May 12 2022: Resend following GPG key renewal May 11 2022: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: container-tools:3.0 security update Advisory ID: RHSA-2022:2143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2143 Issue date: 2022-05-10 CVE Names: CVE-2022-1227 ===================================================================== 1. Summary: An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * psgo: Privilege escalation in 'podman top' (CVE-2022-1227) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2070368 - CVE-2022-1227 psgo: Privilege escalation in 'podman top' 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: buildah-1.19.9-3.module+el8.6.0+14874+64436299.src.rpm cockpit-podman-29-2.module+el8.6.0+14874+64436299.src.rpm conmon-2.0.26-1.module+el8.6.0+14874+64436299.src.rpm container-selinux-2.178.0-2.module+el8.6.0+14874+64436299.src.rpm containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.src.rpm criu-3.15-1.module+el8.6.0+14874+64436299.src.rpm crun-0.18-3.module+el8.6.0+14874+64436299.src.rpm fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.src.rpm libslirp-4.3.1-1.module+el8.6.0+14874+64436299.src.rpm oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.src.rpm podman-3.0.1-9.module+el8.6.0+14874+64436299.src.rpm runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.src.rpm skopeo-1.2.4-1.module+el8.6.0+14874+64436299.src.rpm slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.src.rpm toolbox-0.0.99.3-1.module+el8.6.0+14874+64436299.src.rpm udica-0.2.4-1.module+el8.6.0+14874+64436299.src.rpm aarch64: buildah-1.19.9-3.module+el8.6.0+14874+64436299.aarch64.rpm buildah-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.aarch64.rpm buildah-debugsource-1.19.9-3.module+el8.6.0+14874+64436299.aarch64.rpm buildah-tests-1.19.9-3.module+el8.6.0+14874+64436299.aarch64.rpm buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.aarch64.rpm conmon-2.0.26-1.module+el8.6.0+14874+64436299.aarch64.rpm conmon-debuginfo-2.0.26-1.module+el8.6.0+14874+64436299.aarch64.rpm conmon-debugsource-2.0.26-1.module+el8.6.0+14874+64436299.aarch64.rpm containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.aarch64.rpm containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14874+64436299.aarch64.rpm containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14874+64436299.aarch64.rpm containers-common-1.2.4-1.module+el8.6.0+14874+64436299.aarch64.rpm crit-3.15-1.module+el8.6.0+14874+64436299.aarch64.rpm criu-3.15-1.module+el8.6.0+14874+64436299.aarch64.rpm criu-debuginfo-3.15-1.module+el8.6.0+14874+64436299.aarch64.rpm criu-debugsource-3.15-1.module+el8.6.0+14874+64436299.aarch64.rpm crun-0.18-3.module+el8.6.0+14874+64436299.aarch64.rpm crun-debuginfo-0.18-3.module+el8.6.0+14874+64436299.aarch64.rpm crun-debugsource-0.18-3.module+el8.6.0+14874+64436299.aarch64.rpm fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.aarch64.rpm fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14874+64436299.aarch64.rpm fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14874+64436299.aarch64.rpm libslirp-4.3.1-1.module+el8.6.0+14874+64436299.aarch64.rpm libslirp-debuginfo-4.3.1-1.module+el8.6.0+14874+64436299.aarch64.rpm libslirp-debugsource-4.3.1-1.module+el8.6.0+14874+64436299.aarch64.rpm libslirp-devel-4.3.1-1.module+el8.6.0+14874+64436299.aarch64.rpm oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.aarch64.rpm oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14874+64436299.aarch64.rpm oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14874+64436299.aarch64.rpm podman-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-catatonit-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-catatonit-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-debugsource-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-plugins-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-plugins-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-remote-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-remote-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm podman-tests-3.0.1-9.module+el8.6.0+14874+64436299.aarch64.rpm python3-criu-3.15-1.module+el8.6.0+14874+64436299.aarch64.rpm runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.aarch64.rpm runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14874+64436299.aarch64.rpm runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14874+64436299.aarch64.rpm skopeo-1.2.4-1.module+el8.6.0+14874+64436299.aarch64.rpm skopeo-debuginfo-1.2.4-1.module+el8.6.0+14874+64436299.aarch64.rpm skopeo-debugsource-1.2.4-1.module+el8.6.0+14874+64436299.aarch64.rpm skopeo-tests-1.2.4-1.module+el8.6.0+14874+64436299.aarch64.rpm slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.aarch64.rpm slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14874+64436299.aarch64.rpm slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14874+64436299.aarch64.rpm toolbox-0.0.99.3-1.module+el8.6.0+14874+64436299.aarch64.rpm toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14874+64436299.aarch64.rpm toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14874+64436299.aarch64.rpm toolbox-tests-0.0.99.3-1.module+el8.6.0+14874+64436299.aarch64.rpm noarch: cockpit-podman-29-2.module+el8.6.0+14874+64436299.noarch.rpm container-selinux-2.178.0-2.module+el8.6.0+14874+64436299.noarch.rpm podman-docker-3.0.1-9.module+el8.6.0+14874+64436299.noarch.rpm udica-0.2.4-1.module+el8.6.0+14874+64436299.noarch.rpm ppc64le: buildah-1.19.9-3.module+el8.6.0+14874+64436299.ppc64le.rpm buildah-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.ppc64le.rpm buildah-debugsource-1.19.9-3.module+el8.6.0+14874+64436299.ppc64le.rpm buildah-tests-1.19.9-3.module+el8.6.0+14874+64436299.ppc64le.rpm buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.ppc64le.rpm conmon-2.0.26-1.module+el8.6.0+14874+64436299.ppc64le.rpm conmon-debuginfo-2.0.26-1.module+el8.6.0+14874+64436299.ppc64le.rpm conmon-debugsource-2.0.26-1.module+el8.6.0+14874+64436299.ppc64le.rpm containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm containers-common-1.2.4-1.module+el8.6.0+14874+64436299.ppc64le.rpm crit-3.15-1.module+el8.6.0+14874+64436299.ppc64le.rpm criu-3.15-1.module+el8.6.0+14874+64436299.ppc64le.rpm criu-debuginfo-3.15-1.module+el8.6.0+14874+64436299.ppc64le.rpm criu-debugsource-3.15-1.module+el8.6.0+14874+64436299.ppc64le.rpm crun-0.18-3.module+el8.6.0+14874+64436299.ppc64le.rpm crun-debuginfo-0.18-3.module+el8.6.0+14874+64436299.ppc64le.rpm crun-debugsource-0.18-3.module+el8.6.0+14874+64436299.ppc64le.rpm fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.ppc64le.rpm fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14874+64436299.ppc64le.rpm fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14874+64436299.ppc64le.rpm libslirp-4.3.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm libslirp-debuginfo-4.3.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm libslirp-debugsource-4.3.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm libslirp-devel-4.3.1-1.module+el8.6.0+14874+64436299.ppc64le.rpm oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.ppc64le.rpm oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14874+64436299.ppc64le.rpm oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14874+64436299.ppc64le.rpm podman-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-catatonit-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-catatonit-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-debugsource-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-plugins-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-plugins-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-remote-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-remote-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm podman-tests-3.0.1-9.module+el8.6.0+14874+64436299.ppc64le.rpm python3-criu-3.15-1.module+el8.6.0+14874+64436299.ppc64le.rpm runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.ppc64le.rpm runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14874+64436299.ppc64le.rpm runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14874+64436299.ppc64le.rpm skopeo-1.2.4-1.module+el8.6.0+14874+64436299.ppc64le.rpm skopeo-debuginfo-1.2.4-1.module+el8.6.0+14874+64436299.ppc64le.rpm skopeo-debugsource-1.2.4-1.module+el8.6.0+14874+64436299.ppc64le.rpm skopeo-tests-1.2.4-1.module+el8.6.0+14874+64436299.ppc64le.rpm slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.ppc64le.rpm slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14874+64436299.ppc64le.rpm slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14874+64436299.ppc64le.rpm toolbox-0.0.99.3-1.module+el8.6.0+14874+64436299.ppc64le.rpm toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14874+64436299.ppc64le.rpm toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14874+64436299.ppc64le.rpm toolbox-tests-0.0.99.3-1.module+el8.6.0+14874+64436299.ppc64le.rpm s390x: buildah-1.19.9-3.module+el8.6.0+14874+64436299.s390x.rpm buildah-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.s390x.rpm buildah-debugsource-1.19.9-3.module+el8.6.0+14874+64436299.s390x.rpm buildah-tests-1.19.9-3.module+el8.6.0+14874+64436299.s390x.rpm buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.s390x.rpm conmon-2.0.26-1.module+el8.6.0+14874+64436299.s390x.rpm conmon-debuginfo-2.0.26-1.module+el8.6.0+14874+64436299.s390x.rpm conmon-debugsource-2.0.26-1.module+el8.6.0+14874+64436299.s390x.rpm containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.s390x.rpm containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14874+64436299.s390x.rpm containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14874+64436299.s390x.rpm containers-common-1.2.4-1.module+el8.6.0+14874+64436299.s390x.rpm crit-3.15-1.module+el8.6.0+14874+64436299.s390x.rpm criu-3.15-1.module+el8.6.0+14874+64436299.s390x.rpm criu-debuginfo-3.15-1.module+el8.6.0+14874+64436299.s390x.rpm criu-debugsource-3.15-1.module+el8.6.0+14874+64436299.s390x.rpm crun-0.18-3.module+el8.6.0+14874+64436299.s390x.rpm crun-debuginfo-0.18-3.module+el8.6.0+14874+64436299.s390x.rpm crun-debugsource-0.18-3.module+el8.6.0+14874+64436299.s390x.rpm fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.s390x.rpm fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14874+64436299.s390x.rpm fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14874+64436299.s390x.rpm libslirp-4.3.1-1.module+el8.6.0+14874+64436299.s390x.rpm libslirp-debuginfo-4.3.1-1.module+el8.6.0+14874+64436299.s390x.rpm libslirp-debugsource-4.3.1-1.module+el8.6.0+14874+64436299.s390x.rpm libslirp-devel-4.3.1-1.module+el8.6.0+14874+64436299.s390x.rpm oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.s390x.rpm oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14874+64436299.s390x.rpm oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14874+64436299.s390x.rpm podman-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-catatonit-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-catatonit-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-debugsource-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-plugins-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-plugins-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-remote-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-remote-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm podman-tests-3.0.1-9.module+el8.6.0+14874+64436299.s390x.rpm python3-criu-3.15-1.module+el8.6.0+14874+64436299.s390x.rpm runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.s390x.rpm runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14874+64436299.s390x.rpm runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14874+64436299.s390x.rpm skopeo-1.2.4-1.module+el8.6.0+14874+64436299.s390x.rpm skopeo-debuginfo-1.2.4-1.module+el8.6.0+14874+64436299.s390x.rpm skopeo-debugsource-1.2.4-1.module+el8.6.0+14874+64436299.s390x.rpm skopeo-tests-1.2.4-1.module+el8.6.0+14874+64436299.s390x.rpm slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.s390x.rpm slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14874+64436299.s390x.rpm slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14874+64436299.s390x.rpm toolbox-0.0.99.3-1.module+el8.6.0+14874+64436299.s390x.rpm toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14874+64436299.s390x.rpm toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14874+64436299.s390x.rpm toolbox-tests-0.0.99.3-1.module+el8.6.0+14874+64436299.s390x.rpm x86_64: buildah-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm buildah-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm buildah-debugsource-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm buildah-tests-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm buildah-tests-debuginfo-1.19.9-3.module+el8.6.0+14874+64436299.x86_64.rpm conmon-2.0.26-1.module+el8.6.0+14874+64436299.x86_64.rpm conmon-debuginfo-2.0.26-1.module+el8.6.0+14874+64436299.x86_64.rpm conmon-debugsource-2.0.26-1.module+el8.6.0+14874+64436299.x86_64.rpm containernetworking-plugins-0.9.1-1.module+el8.6.0+14874+64436299.x86_64.rpm containernetworking-plugins-debuginfo-0.9.1-1.module+el8.6.0+14874+64436299.x86_64.rpm containernetworking-plugins-debugsource-0.9.1-1.module+el8.6.0+14874+64436299.x86_64.rpm containers-common-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm crit-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm criu-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm criu-debuginfo-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm criu-debugsource-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm crun-0.18-3.module+el8.6.0+14874+64436299.x86_64.rpm crun-debuginfo-0.18-3.module+el8.6.0+14874+64436299.x86_64.rpm crun-debugsource-0.18-3.module+el8.6.0+14874+64436299.x86_64.rpm fuse-overlayfs-1.4.0-2.module+el8.6.0+14874+64436299.x86_64.rpm fuse-overlayfs-debuginfo-1.4.0-2.module+el8.6.0+14874+64436299.x86_64.rpm fuse-overlayfs-debugsource-1.4.0-2.module+el8.6.0+14874+64436299.x86_64.rpm libslirp-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm libslirp-debuginfo-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm libslirp-debugsource-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm libslirp-devel-4.3.1-1.module+el8.6.0+14874+64436299.x86_64.rpm oci-seccomp-bpf-hook-1.2.0-3.module+el8.6.0+14874+64436299.x86_64.rpm oci-seccomp-bpf-hook-debuginfo-1.2.0-3.module+el8.6.0+14874+64436299.x86_64.rpm oci-seccomp-bpf-hook-debugsource-1.2.0-3.module+el8.6.0+14874+64436299.x86_64.rpm podman-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-catatonit-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-catatonit-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-debugsource-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-plugins-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-plugins-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-remote-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-remote-debuginfo-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm podman-tests-3.0.1-9.module+el8.6.0+14874+64436299.x86_64.rpm python3-criu-3.15-1.module+el8.6.0+14874+64436299.x86_64.rpm runc-1.0.0-73.rc95.module+el8.6.0+14874+64436299.x86_64.rpm runc-debuginfo-1.0.0-73.rc95.module+el8.6.0+14874+64436299.x86_64.rpm runc-debugsource-1.0.0-73.rc95.module+el8.6.0+14874+64436299.x86_64.rpm skopeo-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm skopeo-debuginfo-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm skopeo-debugsource-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm skopeo-tests-1.2.4-1.module+el8.6.0+14874+64436299.x86_64.rpm slirp4netns-1.1.8-1.module+el8.6.0+14874+64436299.x86_64.rpm slirp4netns-debuginfo-1.1.8-1.module+el8.6.0+14874+64436299.x86_64.rpm slirp4netns-debugsource-1.1.8-1.module+el8.6.0+14874+64436299.x86_64.rpm toolbox-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm toolbox-debuginfo-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm toolbox-debugsource-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm toolbox-tests-0.0.99.3-1.module+el8.6.0+14874+64436299.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1227 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnrkZdzjgjWX9erEAQiXgA//Vsd0wHSxaYDFSKEQj7phdpoEQGb8plMs DXDfDIJzumt3nasAbbsedDOlRqqs7Kg5w4Pu+gMVq81cXQX6DrnTURZ88beEdbrh qp0mI9XgVk9nnhfRF9cBCQdmSWsFh6WDwYeoq51MUOkSxT68lpsa5+mrujEn5CIk xJUR2g7uhnR9oHXP6OS/zLuYNpKYm338kBD+NZ9x98PnpVX4WtRkNwwFn/pC1s/f pTvXqhbPA06ab93962SnfIgXGpXX3DsG7y+rRhkK8+vUzp8Zhp79ZgtnbTdCYMDv dr+mM7S/OuuhzLxQ1HuWPNvzZs23h54OaK0txcWC9lVTf2xPvyz2ePYVeJ4aH9tm OKtO8qCtUPe+RwelWQX5r3MwYxfYxRn/tWuleA1MUlaVvCrJfuVDuZI4t7Bnrse0 n3kvxhA923QXEoEy1RElwAvXyBoSXCNy3jMEwl7rPbiheX51YkPMGC/45k4JWz2o MMfCHxv9bB1iR6s7MeKc0KY+ZRray/8669SmTRChWRPxKBvP9mHah6XDSeHFnWbn IbzIAAwYkn7hSBVgYaT1J3B2SPzN6kDwYFzeRoO+6cSDtGEtpu0+itKkS3vvY3uJ Ny67REB21yt6/ZeYIpJUKtjGc+OYnLWFhfLQoii7Q7ptKjl9zkHMKHBJlB3NvIFj zg48Ig0ipog= =Cbba - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw698kNZI30y1K9AQh4qQ/+KMYLA3z+rq21RVm/2ZXnjFetxze+TGDE U+4T/lEz452JwwgypmjNvv33Yk4cFgr54Ylj21fELpZrg9wYN1+yU4FF08WpJqWs 3rrD0SNEAVAc3t5ifhl8HS+WKtRQ2sW7BMNI+y6CgsQBgsLQGURHd11LqPh07WdO KQXRbvx1O0Wt/jm+JMBP1IaRQaiOAM6+YxgCvoYqNLMaGn/QT2g1QcxCKUd3Vbik Hwp7Zs2sW3GhuT3oWT2RFMaJW8efNEhE8A6+nm6Rsi5YzQKG5J3j1O1UBQHsspTn dLGFNH5nQyfPZYKXR8NbsfcyX8EbCRaFusvm9jKhQ+L1LR/HoVHH4pf61LhUcP3U DSo2nb0nzNgazL0TR9BWHIIB5UvqwOsav2H/rvHySXy7UNB95ki7vd4qhdkZG4FA QyR+V9O3pNJZ2uncdeI3tvEEmrJVu5A+VqH0HNpgDhREpohQhRTvVNkNslS86NRH FdNmPxrJT7jgLqOT3M4w1KVstsE2GqQUnb19oVjEa5/4CdcUOYIbYicZWIE1juYd SoRObe4Yj6/2B4mymDNXah5xF8by2d+uhpt1x+V8PSSXTFK7GHkjWYwC9rgwDHHS i+/Pk3OGFxjmdx6jM72FYnMtd6Lw1UqRxHzYYGYvaJyP2PS2TfG/W+UeoLBXXzlf 3XXGRWvx6F4= =dkpz -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2280.2 - UPDATE [Ubuntu] Cron: CVSS (Max): 6.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2280.2 USN-5259-3: Cron regression 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cron Publisher: Ubuntu Operating System: Ubuntu Resolution: Patch/Upgrade CVE Names: CVE-2019-9706 CVE-2019-9705 CVE-2019-9704 CVE-2017-9525 Original Bulletin: https://ubuntu.com/security/notices/USN-5259-3 Comment: CVSS (Max): 6.7 CVE-2017-9525 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Revision History: May 12 2022: Resend following GPG key renewal May 11 2022: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- USN-5259-3: Cron regression 11 May 2022 USN-5259-1 and USN-5259-2 introduced a regression in Cron. Releases o Ubuntu 18.04 LTS o Ubuntu 16.04 ESM Packages o cron - process scheduling daemon Details USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. ( CVE-2017-9525 ) Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. ( CVE-2019-9704 ) It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. ( CVE-2019-9705 ) It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. ( CVE-2019-9706 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 o cron - 3.0pl1-128.1ubuntu1.2 Ubuntu 16.04 o cron - 3.0pl1-128ubuntu2+esm2 Available with UA Infra or UA Desktop In general, a standard system update will make all the necessary changes. References o CVE-2017-9525 o https://ubuntu.com/security/notices/USN-5259-2 o https://launchpad.net/bugs/1971895 Related notices o USN-5259-1 : cron o USN-5259-2 : cron - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw6iMkNZI30y1K9AQhxYxAAnTnguePGiA7VOQrcENQTv5jMZwIXamkw vRXwoMe1i4RuM3Iz4d1HpCelOP4F3KlLsO1CgHpSBUmLtl9gHonMxpfgysx2kzt/ CcP9kvDKBsXw3Qis9T6jZLX7AS3RoH7ojF4R4Fpt0oVvvs7Z9A0YgqB/Cibj/eAd s20H/IT0DDwHPwMTMSFYiji4O1RDUvAHF3RFVKsOa8zqjxfjzwZgZ0p7R8QcNdaF RHKID+8FCtN4gEn1dSuvXPMDcuv/3Gdd01aWDvUQi/1gMeh6fvevePe+T47cnpUp XmsgnVA2gJMdLRRoCv43I6AUJednN5bsmixp73CTMJRn8ILrVK38tQJ0BBW1u56Y toEMU9ESZhHIs+i3I5KwEc1TRXirTXpA0Ej6fKADEWWb5n8atmnS0yyaKDD3Gu3s 6Ylubp8F1WDkfJH9slCQfeqELRbhP7a4JcdcUlYDaWqkoHTfZxyES5HoR+zfZqKs AdaBm/Rmh6wZoM9vRChofyrePx/w4DjcvGnDOa6Msje2x1FKlBip6L4wKDuh8uiO Kvh20sdgPsvpdyawhyt8KzQYtg7z2cyfEwJVl7Mrce1JT3ShzXG5fHiHaYylI1v3 t5jkqqx7HCuAepivdel9K3p12mkkSabRh0oRL9n0b2tsavu596qETwIjsFB1sMtG GxYNS2x4GvA= =wt5P -----END PGP SIGNATURE-----
2022. május 12.

ESB-2022.2279.2 - UPDATE [Win][UNIX/Linux] Apache Tomcat: CVSS (Max): None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2279.2 CVE-2022-29885 Apache Tomcat EncryptInterceptor 12 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apache Tomcat Publisher: Apache Software Foundation Operating System: Windows UNIX variants (UNIX, Linux, OSX) Resolution: Patch/Upgrade CVE Names: CVE-2022-29885 Original Bulletin: https://lists.apache.org/thread/2b4qmhbcyqvc7dyfpjyx54c03x65vhcv Comment: CVSS (Max): None available when published Revision History: May 12 2022: Resend following GPG key renewal May 11 2022: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- CVE-2022-29885 Apache Tomcat EncryptInterceptor Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.1.0-M1 to 10.1.0-M14 Apache Tomcat 10.0.0-M1 to 10.0.20 Apache Tomcat 9.0.13 to 9.0.62 Apache Tomcat 8.5.38 to 8.5.78 Description: The documentation for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. Mitigation: Users running clustering over an untrusted network who require full protection should switch to an alternative solution such as running the clustering communication over a VPN. History: 2022-05-10 Original advisory Credit: This issue was reported to the Apache Tomcat Security team by 4ra1n. References: [1] https://tomcat.apache.org/security-10.html [2] https://tomcat.apache.org/security-9.html [3] https://tomcat.apache.org/security-8.html - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnw53ckNZI30y1K9AQjeNw//TOA4A20Xa41vgA16EFaOpuuXgmidUYL7 kGXesQSAVowiDn8VqBcOqeTvV+ECM5zpskO7SZxxCZz+wWlnaDFziq/bLDh9FO7R mc15DdR/MnXzhDc6QUEhozM7pZkJORr4j6O8LB0PxOsfItc9pWOnCHeK2tHFzrgq g54BK/4fmhYrK0BgZk+7u6TtxJxn85UTWJSd+FDq1NCWePurV1K7TWnvZnGTwrtn HhUcZ6QevL/nCuKgYmWNZjFBgvpVO5gslNAhg1Qx1TMd5wQUyb+0r9ay7xIc6LR5 FsIRVGyEXmWNcaPwL0UVbCM+J7k7wjJcZ2CIfYk/1AsdynQ3y4nh163dG1FoJ7jq x6Xee2o81Ipo7bsN9MhIPISWexr8Q/FAchEsWDFbSzaVZSbvSb+gKqPCcn4Tpf1N DcV+qaJFdky+ELG0v7MbF3MgUdlZm5GCfCQ57NsGLfVsh1+M7zMxd5OWHYr+0/0k isTfHU2mwrkIheUlDhd3CNLbluyfLI5RIApFC5sA7DCsuGbjFO6o2WUD3782v20A bUYUJsD84xtliSE3bIgB7UmEAKT/12KmBxbPK2V9eVn8T9UboSx408dlw3/dbxRU KqXpKC4h0ttuU+06iDxHgGQ6FdFArWQM1b3cRwZiy81TafG+PUtST7dJa3ra2qXe R+u1PosQQMM= =0MMS -----END PGP SIGNATURE-----
2022. május 11.

ESB-2022.2282 - [Win][UNIX/Linux] Intel Optane SSD: CVSS (Max): 7.9

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.2282 Intel SSD Firmware Advisory 11 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Optane SSD Publisher: Intel Operating System: Windows UNIX variants (UNIX, Linux, OSX) Resolution: Patch/Upgrade CVE Names: CVE-2021-33083 CVE-2021-33082 CVE-2021-33080 CVE-2021-33078 CVE-2021-33077 CVE-2021-33075 CVE-2021-33074 CVE-2021-33069 Original Bulletin: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html Comment: CVSS (Max): 7.9 CVE-2021-33078 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H) CVSS Source: Intel Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- TITLE: Intel SSD Firmware Advisory URL: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html Intel ID: INTEL-SA-00563 Advisory Category: Firmware Impact of Escalation of Privilege, Denial of Service, Information vulnerability : Disclosure Severity rating : HIGH Original release: 05/10/2022 Last revised: 05/10/2022 View all Show less Summary: Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates and prescriptive guidance to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-33078 Description: Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. CVSS Base Score: 7.9 High CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H CVEID: CVE-2021-33077 Description: Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 7.3 High CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVEID: CVE-2021-33080 Description: Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. CVSS Base Score: 7.3 High CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVEID: CVE-2021-33074 Description: Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. CVSS Base Score: 6.8 Medium CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N CVEID: CVE-2021-33069 Description: Improper resource shutdown or release in firmware for some Intel (R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access. CVSS Base Score: 6.0 Medium CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVEID: CVE-2021-33075 Description: Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel (R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. CVSS Base Score: 6.0 Medium CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVEID: CVE-2021-33083 Description: Improper authentication in firmware for some Intel(R) SSD, Intel (R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access. CVSS Base Score: 6.0 Medium CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVEID: CVE-2021-33082 Description: Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. CVSS Base Score: 5.3 Medium CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: Effective December 29 ^ th , 2021, the following products continue being supported by Intel Corporation: Intel Optane SSD DC D4800X Series all versions. Intel Optane SSD DC P4800X/P4801X Series before version E2010600. Intel Optane SSD P5800X Series before version L3010200. Intel Optane SSD 905P/900P Series all versions. Intel Optane Memory H10 with Solid State Storage Series all versions. Intel Optane Memory H20 with Solid State Storage Series all versions. For affected Intel SSD or Intel SSD DC NAND products, Intel recommends customers consult the security advisory published at https:// www.solidigmtechnology.com/en/support.html or contact Solidigm technology at security@solidigmtechnology.com . Recommendations: +------------------------------------------------------+--------------------------------+ |Product Family |Mitigated Version or higher | +------------------------------------------------------+--------------------------------+ |Intel Optane SSD DC D4800X Series |Consult prescriptive guidance | +------------------------------------------------------+--------------------------------+ |Intel Optane SSD DC P4800X/P4801X Series |E2010600 | +------------------------------------------------------+--------------------------------+ |Intel Optane SSD P5800X Series |L0310200 | +------------------------------------------------------+--------------------------------+ |Intel Optane Memory H20 with Solid State Storage |PGF028K | | | | | |Consult prescriptive guidance | +------------------------------------------------------+--------------------------------+ |Intel Optane Memory H10 with Solid State Storage |TGF061K | +------------------------------------------------------+--------------------------------+ |Intel Optane SSD 905P/900P Series |FW600 | +------------------------------------------------------+--------------------------------+ Prescriptive guidance for CVE-2021-33082 : A possible workaround is to use one of the following commands listed below instead of the Sanitize command with Block Erase operation: o NVMe Sanitize command, Crypto Erase (SANACT=04h) or o NVMe Format NVM command, User Data Erase or Crypto Erase (SES=01h or SES= 02h) Check the Identify Controller Data Structure below, for capability your drive supports in lieu of sanitize erase feature: o Sanitize command, Crypto Erase (offset 331:328, SANICAP bit 00h) and o NVMe Format NVM command (offset 257:256, OACS bit 01h) Updates are available for download at this location: https://www.intel.com/ content/www/us/en/support/products/35125/memory-and-storage.html# support-product-selector Acknowledgements: These issues were found internally by Intel. Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available. Revision History Revision Date Description 1.0 05/10/2022 Initial Release View all Show less - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYnuvTckNZI30y1K9AQjqiA//Yxt7JYWaXiah3H5MvCiA3oj5X0vKVP+r K/XIUXonyCwuDP0rJnfx5IwyvJFYPtGMXNwaWwFes+Xy3J1vy1cbK1uPcU3YG35Q QDjJf2uQR+P0TPfaoTs9y93I8eF3EQW+RTpvEQT1L5EoLp4B+jZFqKm23RyUZrhf 5xrzbh0EJPHte1ja/0gYXA+lAmmg7HNZzFYE6RuTCj1lzXR0lip1CMklsJ5Hn4HE CIQjPyRIqr1Q0hwmI7ppHMJhf3UGbmGLLBJLruhkEVKoz184rpx9FUH7aSiYgFfJ UaX/93JHDpO2F6ZdlXwR4jKxIX1Nd9XH0cFyRo3fmlfq1VMOOgYIYQrAy85Teu+b 1q5KXGZMeI4UD5IeNFqHeujbbYQX7Sxj0dHh8xngL0bZ7wCW2gMP+wT/lZe38/Jb 1M8jB++MN3TY/7sfDvMlhlVstPJBwtFnAWmVlM9nU1gMbmWCDJS4YU6f/S7Xh6jF vYDKmBn5Hi1oCJf56r9RPOZlBLuu52+4RCLWFftnUhCPESt5SoIchlp9zT3LDoom XCZXlKbpGi9qSZYB7uNtYEWtChjWwWclu7/DEeWQho+WOAaBc6yg+zkpYsbKS+Qy mbKd4pc4C27+HpRZcNPMle43sHyHnZVjEnSzfl9FaPHNpreq9tIksbsZo0fKr3PB xd5pdk5Or70= =qeXV -----END PGP SIGNATURE-----