ID

VAR-201910-1495

CVE

CVE-2018-14462

TITLE

tcpdump Vulnerable to out-of-bounds reading

DESCRIPTION

The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). tcpdump Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. tcpdump is a set of sniffing tools run under the command line by the Tcpdump team. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Security Fix(es): * nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720) * nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586) * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded. patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded. Fix buffer overflow/overread vulnerabilities and command line argument/local issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: 0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz 1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 080435560c6498ba82e3131d9d7f36e4 libpcap-1.9.1-x86_64-1_slack14.0.txz 3740823881e104943cb15be6870a0e7d tcpdump-4.9.3-x86_64-1_slack14.0.txz Slackware 14.1 packages: 7f1dffd77993897a3729c1fb3ea5e395 libpcap-1.9.1-i486-1_slack14.1.txz b267563e154bbddab251e8e2c7a11f69 tcpdump-4.9.3-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: 1177a6f007a4924c2116d15f8cb92900 libpcap-1.9.1-x86_64-1_slack14.1.txz de9844ab61993927903a91fc05450c8c tcpdump-4.9.3-x86_64-1_slack14.1.txz Slackware 14.2 packages: 2672c9a84590170ff8f7f2b233af9a38 libpcap-1.9.1-i586-1_slack14.2.txz 578dbf94aa192915243e2d200c557cc5 tcpdump-4.9.3-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 16f70962eebe606d3d9668202752bc51 libpcap-1.9.1-x86_64-1_slack14.2.txz 0a4b8400d30a84bc1df774b3537cb4b5 tcpdump-4.9.3-x86_64-1_slack14.2.txz Slackware -current packages: 8765839c82fc67a8075b9e1c5211776b l/libpcap-1.9.0-i586-1.txz 9de3c38d7c061534d28b5b599ab5d563 n/tcpdump-4.9.2-i586-3.txz Slackware x86_64 -current packages: cb278799afec0d6e99ce9a126b9e65f3 l/libpcap-1.9.1-x86_64-1.txz 2d14083ccadb447e5af06e0f940fefa5 n/tcpdump-4.9.3-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.3-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.9.3-1~deb10u1. For the detailed security status of tcpdump please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tcpdump Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2uIaAACgkQEMKTtsN8 Tjb5ZA/9FxAE0uHVnbXapPaDdrf4JOElV9+iZho4b87YuSXZKch7y/xUtlHMx6Jy 9iYzUd2Cwg0OPRyZii3PjiGSxSrKW9xTYnyfPzI7WdPFWRbeVLw9PKUV9R18fE2u svIuKdeHiJd/MabagWqPffn4ZxgfxlG2Px3xtQhnFchDb7yXAsRUIdWwjIyw1fXR /lRkaehvKkwBHLYtSTnNnMrZyRYNsZBZ6WSeZ5hIFugq9wwWTYXY3vJxR2IUqhq8 veQrHg8DVt58G+GhI7EdmEKB9vJrjtNZBlz8VCiGESxSw/BZjCw2vl20gL2JmV0f 1OA4NaMH7l6Sj2DQDCqHIDN++PGhLkQWUxJHrLV2aqfZ7kn9bxXpX3djUYYjRzpS yaHsAsFOp7zwXkebbvV0dFhjLtst39xRJAEr8dAw6DUmfZqIPazdLv+PGGDpEuuq pcAe6QqrNettT37VCx81PtIQL4BJf1lvTW6VHIwj0MaQ6aFdNImzw/n1ld26ktoV feHER0IM0saIgwj/STOLV1+elNzi9dGdaFArxMRvM/s3fwo8JiYv1qnzfqGtQ6xH 5QwoBwwMZEEkqBvDCTtyFxLgg+Q/iVavwinxIRIb4Ttkr9M+PBL0WldFntlQRrlN SZDCcsvfxjM9aOwNS+tMCoX3CKB7hj94u+ti8MRJCw9I9EOzmZE= =bACv -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4252-2 January 27, 2020 tcpdump vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: tcpdump security, bug fix, and enhancement update Advisory ID: RHSA-2020:4760-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4760 Issue date: 2020-11-03 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 ==================================================================== 1. Summary: An update for tcpdump is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: tcpdump-4.9.3-1.el8.src.rpm aarch64: tcpdump-4.9.3-1.el8.aarch64.rpm tcpdump-debuginfo-4.9.3-1.el8.aarch64.rpm tcpdump-debugsource-4.9.3-1.el8.aarch64.rpm ppc64le: tcpdump-4.9.3-1.el8.ppc64le.rpm tcpdump-debuginfo-4.9.3-1.el8.ppc64le.rpm tcpdump-debugsource-4.9.3-1.el8.ppc64le.rpm s390x: tcpdump-4.9.3-1.el8.s390x.rpm tcpdump-debuginfo-4.9.3-1.el8.s390x.rpm tcpdump-debugsource-4.9.3-1.el8.s390x.rpm x86_64: tcpdump-4.9.3-1.el8.x86_64.rpm tcpdump-debuginfo-4.9.3-1.el8.x86_64.rpm tcpdump-debugsource-4.9.3-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I4ENzjgjWX9erEAQhWpBAAl8gza241WtZUglkRZgl5MEblBH2i/YD7 ixrj7P/T6FmlkhbgotT6cWAD4v/oej0aV3VlgnlY9JI9iPGKvP6ZYu8jbaW50Lr+ E1wDuI/6nAp/e6DLSYAe1qD52c06SrPdlMP40SE9ZQoTDe38Z8Uvfpm7X4CN9wgi AbGc3fUHkO5EDrYDpiT3UxF3X71yVq8/mWJRNo2T8IPxc6ufGJM524cFLV6KDx1q h0vDHxcv69wCwKXjYHBoU/X5Bq7k4KuTTbI4B5NgHouWrosUYcn5Bo9eiSfjY0C3 cGD+CSQ/cBHzOleg7X6f3vrI7p6Gc0RG/npAIx7VfUucg8GYmdS2cjv93A5oqXJQ VIOGjtdX9dV6WEY2kkfJmjHJr4ehef6n6LML9U0F3OIMHYAeM9xObQYVU/iYH1db 1kHQmLcQNR5RbNAm9VKuZdEU/V/IdM0bb1gGZEiuAbu1esSwV9h9zbke4Nf3pmC1 qCmHF6sDyBrrHv1J0sr7dsd4gIlrNhXxtej+3FHCnKiuyMIyrPaKmsjidSeNyHTQ oQVAxH4doUpiWeViH0/wEg7tcRuU6AFW64iFnMzXG2/iP4H5Oin9Gzsky+cdU+RH GfzzlTFeyNqhdxeoncnskYCKWN+rKCM+7kPVoSa2JwbZDgWFAIlFNkHsYSjBnYDD 5ua+Acdmj44=1sro -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu,Red Hat,Slackware Security Team

SOURCES

LAST UPDATE DATE

2025-01-28T22:37:59.499000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE