Details of VAR-201908-0422

ID

VAR-201908-0422

CVE

CVE-2019-9512

TITLE

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Trust: 0.8

sources: CERT/CC: VU#605641

DESCRIPTION

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBEAP-17075 - (7.2.z) Upgrade yasson from 1.0.2.redhat-00001 to 1.0.5 JBEAP-17220 - (7.2.x) HHH-13504 Upgrade ByteBuddy to 1.9.11 JBEAP-17365 - [GSS](7.2.z) Upgrade RESTEasy from 3.6.1.SP6 to 3.6.1.SP7 JBEAP-17476 - [GSS](7.2.z) Upgrade Generic JMS RA 2.0.2.Final JBEAP-17478 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.14.SP1 to 5.0.16.Final JBEAP-17483 - [GSS](7.2.z) Upgrade Apache CXF from 3.2.9 to 3.2.10 JBEAP-17495 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17496 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00007 to 2.5.5.SP12-redhat-00009 JBEAP-17513 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11.SP1 to 5.3.13 JBEAP-17521 - (7.2.z) Upgrade picketbox from 5.0.3.Final-redhat-00004 to 5.0.3.Final-redhat-00005 JBEAP-17523 - [GSS](7.2.z) Upgrade wildfly-core from 6.0.16 to 6.0.17 JBEAP-17547 - [GSS](7.2.z) Upgrade Elytron-Tool from 1.4.3 to 1.4.4.Final JBEAP-17548 - [GSS](7.2.z) Upgrade Elytron from 1.6.4.Final-redhat-00001 to 1.6.5.Final-redhat-00001 JBEAP-17560 - [GSS](7.2.z) Upgrade HAL from 3.0.16 to 3.0.17 JBEAP-17579 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.8 to 1.4.11 JBEAP-17582 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00002 to 2.3.5.SP3-redhat-00003 JBEAP-17605 - Tracker bug for the EAP 7.2.5 release for RHEL-8 JBEAP-17631 - [GSS](7.2.z) Upgrade Undertow from 2.0.25.SP1 to 2.0.26.SP3 JBEAP-17647 - [GSS](7.2.z) Upgrade IronJacamar from 1.4.17.Final to 1.4.18.Final JBEAP-17665 - [GSS](7.2.z) Upgrade XNIO from 3.7.3.Final-redhat-00001 to 3.7.6.Final JBEAP-17722 - [GSS](7.2.z) Upgrade wildfly-http-client from 1.0.15.Final-redhat-00001 to 1.0.17.Final JBEAP-17874 - (7.2.z) Upgrade to wildfly-openssl 1.0.8 JBEAP-17880 - (7.2.z) Upgrade XNIO from 3.7.6.Final-redhat-00001 to 3.7.6.SP1 7. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Bug Fix(es): * Failure trying to conntect to image registry using TLS when buildah is compiled with FIPS mode (BZ#1743169) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nodejs8-nodejs security update Advisory ID: RHSA-2019:2955-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2955 Issue date: 2019-10-02 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 ==================================================================== 1. Summary: An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). Security Fix(es): * HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516) * HTTP/2: request for large response leads to denial of service (CVE-2019-9517) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm aarch64: rh-nodejs8-3.0-5.el7.aarch64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.aarch64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.aarch64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.aarch64.rpm rh-nodejs8-runtime-3.0-5.el7.aarch64.rpm rh-nodejs8-scldevel-3.0-5.el7.aarch64.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm ppc64le: rh-nodejs8-3.0-5.el7.ppc64le.rpm rh-nodejs8-nodejs-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.ppc64le.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.ppc64le.rpm rh-nodejs8-runtime-3.0-5.el7.ppc64le.rpm rh-nodejs8-scldevel-3.0-5.el7.ppc64le.rpm s390x: rh-nodejs8-3.0-5.el7.s390x.rpm rh-nodejs8-nodejs-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.s390x.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.s390x.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.s390x.rpm rh-nodejs8-runtime-3.0-5.el7.s390x.rpm rh-nodejs8-scldevel-3.0-5.el7.s390x.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nodejs8-3.0-5.el7.src.rpm rh-nodejs8-nodejs-8.16.1-2.el7.src.rpm noarch: rh-nodejs8-nodejs-docs-8.16.1-2.el7.noarch.rpm x86_64: rh-nodejs8-3.0-5.el7.x86_64.rpm rh-nodejs8-nodejs-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-debuginfo-8.16.1-2.el7.x86_64.rpm rh-nodejs8-nodejs-devel-8.16.1-2.el7.x86_64.rpm rh-nodejs8-npm-6.4.1-8.16.1.2.el7.x86_64.rpm rh-nodejs8-runtime-3.0-5.el7.x86_64.rpm rh-nodejs8-scldevel-3.0-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXZSz+NzjgjWX9erEAQhrnQ//YWmbjNrYsOnrqBPWZDBil0Basr6JUpEe YoTqouv9A7gkpSoYLoCRE0E3tsTxHlQwJR91vlr/dPEtHbsF52YEGrumAQCK4H6b nEhOj2pH9UG+FcPUBkyHzNQXcWYLZ9vaxVCW4gUpxm0QggyigAOdIImlZkTGgcrI mWReipMFC8hBARJU/vQ0bCCj6LfOYnx4h2pu6Jzy+vkeVJDoCNAxGT5FwfaMZTUy T0y8dpzWSq/vg2Xd3JaYnoh70a8k62kEMH3VmCBNNU3aiMiXBeBMlS1i/q00IOJ+ fy/1STMJGt1tj6xfYNsZY5E+CPVm0ZvVlKfRi8DpxPWXI48a712XZ/XONYb2jDnt pmkNM62ZdjZahQwXyC+y8havivg7LcEzxV0G2yfkNIqM33Zplz0h4BOCmLuT4I84 BMylBIrODsw70uWbc1DcPsF8vhmxryGfNNQ9FCk+jH52lRi3YnWkhRBThY+rpAqZ qmfTb4m2kD0s45q85Xv87N9F2tZJjhfYQ0U2LyHkbQov0CFkNu4YcElKMclBvvvc lzostLzxOJYt/l3qgXp+RlQNnlQG/jsFrEmmhskjzFJ8a9fhtBWNFxMcQ+SDBrUK HSNNzBwQhHam6OPCqpyWYvFT/bRbHucyMI6pGZmpc+MQ5cMAjP1A0incXot30UDD wV7rh6lCkE8=S8e1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11815 - Tracker bug for the RH-SSO 7.3.5 release for RHEL6 7. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.1.14. All container images have been rebuilt with updated versions of golang. This release also includes the following bugs: * Previously, users would see an error in the web console when navigating to the ClusterResourceQuota instances from the CRD list. The problem has been fixed, and you can now successfully list ClusterResourceQuota instances from the CRD page. (BZ#1743259) Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html You may download the oc tool and use it to inspect release image metadata as follows: $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.14 The image digest is sha256:fd41c9bda9e0ff306954f1fd7af6428edff8c3989b75f9fe984968db66846231 All OpenShift Container Platform 4.1 users are advised to upgrade to these updated packages and images. Solution: For OpenShift Container Platform 4.1 see the following documentation, which will be updated shortly for release 4.1.14, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.1/updating/updating-cluster - -cli.html. 1743119 - cri-o package version in OpenShift repo should be consistent with RHCOS cluster used 1743259 - cluster resource quota resource not visualized correctly 1743418 - 59 degraded auth operators in telemeter 1743587 - Pods stuck in container creating - Failed to run CNI IPAM ADD: failed to allocate for range 0 1743748 - [4.1.z] ClusterOperator operator-lifecycle-manager missing ClusterStatusConditionType Upgradeable 1743771 - machineconfig showing wrong ownerReferences kind for kubeletconfig 5. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For the stable distribution (buster), these problems have been fixed in version 1.11.6-1+deb10u1. We recommend that you upgrade your golang-1.11 packages. For the detailed security status of golang-1.11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/golang-1.11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1ZlroACgkQEMKTtsN8 TjZChQ//Vz4y63s3LD3Vz7oJLjchohCR9kHInoJcLM09osvIwBvi5rl/MnsEPUpP 8aMsDt50fZk/YhWSWQsmMCIQT+5CtjUOVbYnThHY5Hy+TpfgwVfe4JHIui5SEqDt 7K0VH7lIgkAncQc+wFzZALwPC+FgkZWyUk/4RuVXybiO8RgB9NMIXANl8PRK47b0 GxKJDT/Q84lksxhrFV0ib34+IPbF3mKAkxwx0FR9COEDBxBxKSQshY+imjtFo2NG YHgwXyGuR9zOcyR8ObTsYaXOPQj8Kd/XZCeWN97Ii6UHWrSG4PvhjQzJfeV/NmJc +kUfM7jzvg8PcGptOLPgbMlMt+XDwNwmPQC54RNyIv36OiYquMZSss3TweL2NV3Y z/1CqG0A4qx9/KqZcgEpIOTgeyUc7LHgO8WEWkS5QcozWxaWC9/RoJZQ8spG5Ztd leeDkzxkBSFoJJ3PBVRWGwzCMB7z6ePegw+/X4zdtBjQTb9TRMI0aj3MUyXOykrC NkEj+QgAdZ8B9sIhke4gCEnvbsx5+L8lyVVZsVQ7yIgklXyMXwXqRKANtVAWVEU+ 1367B1bGAxYfRWhE+HlAX6e6aKMyqRWi6/jb55MxOq3KTAljcIxSBZVBU+6Tpcd+ C5nG/4ox6oKlJMjOLt5/lWPiN2OVm0iJkyF154M9JjXKAz35gAk=5Pta -----END PGP SIGNATURE-----

Trust: 2.79

sources: NVD: CVE-2019-9512 // CERT/CC: VU#605641 // VULHUB: VHN-160947 // PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 154425 // PACKETSTORM: 154964 // PACKETSTORM: 154712 // PACKETSTORM: 157214 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154431 // PACKETSTORM: 156852 // PACKETSTORM: 155396 // PACKETSTORM: 154135

AFFECTED PRODUCTS

vendor:	nodejs	model:	node.js	scope:	lt	version:	12.8.1	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	8.8.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	10.16.3	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	12.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	8.16.1	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	lte	version:	1.4.0	Trust: 1.0
vendor:	apple	model:	swiftnio	scope:	gte	version:	1.0.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	7.1.6	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	6.2.3	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	8.9.0	Trust: 1.0
vendor:	apache	model:	traffic server	scope:	lte	version:	8.0.3	Trust: 1.0
vendor:	akamai	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	amazon	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apache traffic server	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cloudflare	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	envoy	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	facebook	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	go programming language	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	litespeed	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netty	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	node js	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	twisted	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	grpc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nghttp2	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nginx	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#605641 // NVD: CVE-2019-9512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9512
value:	HIGH
Trust: 1.0
cret@cert.org:	CVE-2019-9512
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201908-925
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160947
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-9512
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-160947
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9512
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
cret@cert.org:	CVE-2019-9512
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-160947 // CNNVD: CNNVD-201908-925 // NVD: CVE-2019-9512 // NVD: CVE-2019-9512

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.1

sources: VULHUB: VHN-160947 // NVD: CVE-2019-9512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-925

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-925

PATCH

title:

HTTP/2 Remedial measures to achieve security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96610

Trust: 0.6

sources: CNNVD: CNNVD-201908-925

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9512	Trust: 2.9
db:	CERT/CC	id:	VU#605641	Trust: 2.5
db:	OPENWALL	id:	OSS-SECURITY/2019/08/20/1	Trust: 1.7
db:	MCAFEE	id:	SB10296	Trust: 1.7
db:	PACKETSTORM	id:	155396	Trust: 0.8
db:	PACKETSTORM	id:	155705	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-925	Trust: 0.7
db:	PACKETSTORM	id:	156209	Trust: 0.7
db:	PACKETSTORM	id:	158651	Trust: 0.7
db:	PACKETSTORM	id:	155728	Trust: 0.7
db:	PACKETSTORM	id:	157214	Trust: 0.7
db:	PACKETSTORM	id:	156852	Trust: 0.7
db:	PACKETSTORM	id:	154135	Trust: 0.7
db:	PACKETSTORM	id:	155484	Trust: 0.6
db:	PACKETSTORM	id:	157741	Trust: 0.6
db:	PACKETSTORM	id:	156941	Trust: 0.6
db:	PACKETSTORM	id:	158095	Trust: 0.6
db:	PACKETSTORM	id:	156628	Trust: 0.6
db:	PACKETSTORM	id:	155352	Trust: 0.6
db:	PACKETSTORM	id:	155520	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4238	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4737	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4332	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4324	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1030	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2619	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4533	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0643	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1766	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3152	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0994	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3114	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0007	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4645	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4596	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4586	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0100	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4788	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2071	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4697	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4484	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1335	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1427	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4368	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4665	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3597.3	Trust: 0.6
db:	NSFOCUS	id:	43919	Trust: 0.6
db:	CS-HELP	id:	SB2022072128	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-346-01	Trust: 0.6
db:	PACKETSTORM	id:	154425	Trust: 0.2
db:	PACKETSTORM	id:	155024	Trust: 0.1
db:	PACKETSTORM	id:	154430	Trust: 0.1
db:	PACKETSTORM	id:	154888	Trust: 0.1
db:	PACKETSTORM	id:	154444	Trust: 0.1
db:	PACKETSTORM	id:	154396	Trust: 0.1
db:	PACKETSTORM	id:	158650	Trust: 0.1
db:	PACKETSTORM	id:	154525	Trust: 0.1
db:	PACKETSTORM	id:	154222	Trust: 0.1
db:	PACKETSTORM	id:	154475	Trust: 0.1
db:	PACKETSTORM	id:	155037	Trust: 0.1
db:	PACKETSTORM	id:	154638	Trust: 0.1
db:	PACKETSTORM	id:	154058	Trust: 0.1
db:	VULHUB	id:	VHN-160947	Trust: 0.1
db:	PACKETSTORM	id:	155479	Trust: 0.1
db:	PACKETSTORM	id:	154964	Trust: 0.1
db:	PACKETSTORM	id:	154712	Trust: 0.1
db:	PACKETSTORM	id:	155517	Trust: 0.1
db:	PACKETSTORM	id:	154431	Trust: 0.1

sources: CERT/CC: VU#605641 // VULHUB: VHN-160947 // PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 154425 // PACKETSTORM: 154964 // PACKETSTORM: 154712 // PACKETSTORM: 157214 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154431 // PACKETSTORM: 156852 // PACKETSTORM: 155396 // PACKETSTORM: 154135 // CNNVD: CNNVD-201908-925 // NVD: CVE-2019-9512

REFERENCES

url:	https://www.debian.org/security/2019/dsa-4503	Trust: 2.9
url:	https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Trust: 2.5
url:	https://www.synology.com/security/advisory/synology_sa_19_33	Trust: 2.5
url:	https://access.redhat.com/errata/rhsa-2019:4020	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4040	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4273	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:4352	Trust: 2.4
url:	https://access.redhat.com/errata/rhsa-2019:3892	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4018	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4019	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4021	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4041	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4042	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4045	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:4269	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:2594	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2726	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2769	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:2955	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:3906	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/aug/24	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/aug/31	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/aug/43	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/sep/18	Trust: 1.7
url:	https://kb.cert.org/vuls/id/605641/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0001/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0004/	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190823-0005/	Trust: 1.7
url:	https://support.f5.com/csp/article/k98053339	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4508	Trust: 1.7
url:	https://www.debian.org/security/2019/dsa-4520	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/aug/16	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/08/20/1	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2661	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2682	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2690	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2766	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2796	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2861	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2925	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2939	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2966	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:3131	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:3245	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:3265	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2020:0406	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html	Trust: 1.7
url:	https://usn.ubuntu.com/4308-1/	Trust: 1.7
url:	https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 1.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 1.1
url:	https://access.redhat.com/security/team/contact/	Trust: 1.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 1.1
url:	https://bugzilla.redhat.com/):	Trust: 1.1
url:	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3cusers.trafficserver.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3cannounce.trafficserver.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3cdev.trafficserver.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/	Trust: 1.0
url:	https://support.f5.com/csp/article/k98053339?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7540	Trust: 0.8
url:	https://tools.ietf.org/html/rfc7541	Trust: 0.8
url:	https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/	Trust: 0.8
url:	https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/	Trust: 0.8
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lyo6e3h34c346d2e443glxk7ok6kiyiq/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4bbp27pzgsy6op6d26e5fw4gzkbfhnu7/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/	Trust: 0.7
url:	https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3cannounce.trafficserver.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3cdev.trafficserver.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3cusers.trafficserver.apache.org%3e	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.6
url:	http2-cves/	Trust: 0.6
url:	https://www.cloudfoundry.org/blog/various-	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512	Trust: 0.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511	Trust: 0.6
url:	https://support.f5.com/csp/article/k98053339?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://support.apple.com/en-au/ht210436	Trust: 0.6
url:	https://support.f5.com/csp/article/k50233772	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1126605	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1104951	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2019:3905	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-01	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109787	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109781	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1108515	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1109775	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165894	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165906	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1135167	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164346	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1164364	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1128387	Trust: 0.6
url:	https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4368/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4788/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4586/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0994/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4332/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0643/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4484/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/	Trust: 0.6
url:	http2-implementation-vulnerablility/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-	Trust: 0.6
url:	https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2619/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3114/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/	Trust: 0.6
url:	https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9512	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1335/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157741/red-hat-security-advisory-2020-2067-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156209/red-hat-security-advisory-2020-0406-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.3/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4737/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1137466	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43919	Trust: 0.6
url:	https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040	Trust: 0.6
url:	https://packetstormsecurity.com/files/155484/red-hat-security-advisory-2019-4019-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2071/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127397	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1427/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4645/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3597.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4665/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/	Trust: 0.6
url:	https://pivotal.io/security/cve-2019-9517	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4697/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4596/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210436	Trust: 0.6
url:	https://packetstormsecurity.com/files/155520/red-hat-security-advisory-2019-4045-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1128279	Trust: 0.6
url:	https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1766/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154135/debian-security-advisory-4503-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072128	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3152/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4324/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4533/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1150960	Trust: 0.6
url:	https://packetstormsecurity.com/files/155396/red-hat-security-advisory-2019-3906-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0100/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155705/red-hat-security-advisory-2019-4273-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0007/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4238/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1165852	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1030/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1127853	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1168528	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-9511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9511	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.3
url:	https://issues.jboss.org/):	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14843	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14838	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14843	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14838	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-0222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20444	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10247	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20444	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7238	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7238	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10241	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10247	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-10241	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10296	Trust: 0.1
url:	https://support.f5.com/csp/article/k98053339?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0201	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=securitypatches&version=6.3	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0201	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker&downloadtype=securitypatches&version=6.3.0	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11247	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11247	Trust: 0.1
url:	https://docs.openshift.com/container-platform/3.9/release_notes/ocp_3_9_rel	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.4.3	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1445	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10357	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10206	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1010238	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2019:2660	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10356	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14817	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10356	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14813	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.1/updating/updating-cluster	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10355	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10355	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10206	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10357	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1010238	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.6.0&productchanged=yes	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:0922	Trust: 0.1
url:	https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14809	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/golang-1.11	Trust: 0.1

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 155728 // PACKETSTORM: 155479 // PACKETSTORM: 154425 // PACKETSTORM: 154964 // PACKETSTORM: 154712 // PACKETSTORM: 157214 // PACKETSTORM: 155705 // PACKETSTORM: 155517 // PACKETSTORM: 154431 // PACKETSTORM: 156852 // PACKETSTORM: 155396

SOURCES

db:	CERT/CC	id:	VU#605641
db:	VULHUB	id:	VHN-160947
db:	PACKETSTORM	id:	155728
db:	PACKETSTORM	id:	155479
db:	PACKETSTORM	id:	154425
db:	PACKETSTORM	id:	154964
db:	PACKETSTORM	id:	154712
db:	PACKETSTORM	id:	157214
db:	PACKETSTORM	id:	155705
db:	PACKETSTORM	id:	155517
db:	PACKETSTORM	id:	154431
db:	PACKETSTORM	id:	156852
db:	PACKETSTORM	id:	155396
db:	PACKETSTORM	id:	154135
db:	CNNVD	id:	CNNVD-201908-925
db:	NVD	id:	CVE-2019-9512

LAST UPDATE DATE

2024-11-07T21:45:42.971000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-11-19T00:00:00
db:	VULHUB	id:	VHN-160947	date:	2019-08-23T00:00:00
db:	CNNVD	id:	CNNVD-201908-925	date:	2022-07-22T00:00:00
db:	NVD	id:	CVE-2019-9512	date:	2023-11-07T03:13:41.880

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#605641	date:	2019-08-13T00:00:00
db:	VULHUB	id:	VHN-160947	date:	2019-08-13T00:00:00
db:	PACKETSTORM	id:	155728	date:	2019-12-19T22:07:40
db:	PACKETSTORM	id:	155479	date:	2019-11-27T15:37:53
db:	PACKETSTORM	id:	154425	date:	2019-09-10T23:10:30
db:	PACKETSTORM	id:	154964	date:	2019-10-24T18:52:58
db:	PACKETSTORM	id:	154712	date:	2019-10-02T15:03:59
db:	PACKETSTORM	id:	157214	date:	2020-04-14T15:39:41
db:	PACKETSTORM	id:	155705	date:	2019-12-17T15:43:02
db:	PACKETSTORM	id:	155517	date:	2019-12-02T19:18:53
db:	PACKETSTORM	id:	154431	date:	2019-09-10T23:12:33
db:	PACKETSTORM	id:	156852	date:	2020-03-23T15:57:42
db:	PACKETSTORM	id:	155396	date:	2019-11-19T15:17:09
db:	PACKETSTORM	id:	154135	date:	2019-08-19T15:07:50
db:	CNNVD	id:	CNNVD-201908-925	date:	2019-08-13T00:00:00
db:	NVD	id:	CVE-2019-9512	date:	2019-08-13T21:15:12.287