ID

VAR-202101-0119


CVE

CVE-2019-25013


TITLE

Red Hat Security Advisory 2021-1585-01

Trust: 0.1

sources: PACKETSTORM: 162634

DESCRIPTION

The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. 8) - aarch64, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1428290 - CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option 1684057 - CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read 1704868 - CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8] 1855790 - glibc: Update Intel CET support from upstream 1856398 - glibc: Build with -moutline-atomics on aarch64 1868106 - glibc: Transaction ID collisions cause slow DNS lookups in getaddrinfo 1871385 - glibc: Improve auditing implementation (including DT_AUDIT, and DT_DEPAUDIT) 1871387 - glibc: Improve IBM POWER9 architecture performance 1871394 - glibc: Fix AVX2 off-by-one error in strncmp (swbz#25933) 1871395 - glibc: Improve IBM Z (s390x) Performance 1871396 - glibc: Improve use of static TLS surplus for optimizations. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: glibc: Multiple vulnerabilities Date: July 06, 2021 Bugs: #764176, #767718, #772425, #792261 ID: 202107-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in glibc could result in Denial of Service. Background ========== glibc is a package that contains the GNU C library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/glibc < 2.33-r1 >= 2.33-r1 Description =========== Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could cause a possible Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.33-r1" References ========== [ 1 ] CVE-2019-25013 https://nvd.nist.gov/vuln/detail/CVE-2019-25013 [ 2 ] CVE-2020-27618 https://nvd.nist.gov/vuln/detail/CVE-2020-27618 [ 3 ] CVE-2021-27645 https://nvd.nist.gov/vuln/detail/CVE-2021-27645 [ 4 ] CVE-2021-3326 https://nvd.nist.gov/vuln/detail/CVE-2021-3326 [ 5 ] CVE-2021-33574 https://nvd.nist.gov/vuln/detail/CVE-2021-33574 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: glibc security and bug fix update Advisory ID: RHSA-2021:0348-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0348 Issue date: 2021-02-02 CVE Names: CVE-2019-25013 CVE-2020-10029 CVE-2020-29573 ==================================================================== 1. Summary: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Bug Fix(es): * glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162) * glibc: Performance regression in ebizzy benchmark (BZ#1889977) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-322.el7_9.src.rpm x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-322.el7_9.src.rpm x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-322.el7_9.src.rpm ppc64: glibc-2.17-322.el7_9.ppc.rpm glibc-2.17-322.el7_9.ppc64.rpm glibc-common-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-devel-2.17-322.el7_9.ppc.rpm glibc-devel-2.17-322.el7_9.ppc64.rpm glibc-headers-2.17-322.el7_9.ppc64.rpm glibc-utils-2.17-322.el7_9.ppc64.rpm nscd-2.17-322.el7_9.ppc64.rpm ppc64le: glibc-2.17-322.el7_9.ppc64le.rpm glibc-common-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-devel-2.17-322.el7_9.ppc64le.rpm glibc-headers-2.17-322.el7_9.ppc64le.rpm glibc-utils-2.17-322.el7_9.ppc64le.rpm nscd-2.17-322.el7_9.ppc64le.rpm s390x: glibc-2.17-322.el7_9.s390.rpm glibc-2.17-322.el7_9.s390x.rpm glibc-common-2.17-322.el7_9.s390x.rpm glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-devel-2.17-322.el7_9.s390.rpm glibc-devel-2.17-322.el7_9.s390x.rpm glibc-headers-2.17-322.el7_9.s390x.rpm glibc-utils-2.17-322.el7_9.s390x.rpm nscd-2.17-322.el7_9.s390x.rpm x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-static-2.17-322.el7_9.ppc.rpm glibc-static-2.17-322.el7_9.ppc64.rpm ppc64le: glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-static-2.17-322.el7_9.ppc64le.rpm s390x: glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-static-2.17-322.el7_9.s390.rpm glibc-static-2.17-322.el7_9.s390x.rpm x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-322.el7_9.src.rpm x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-29573 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBlBl9zjgjWX9erEAQgCFRAAqJ3gXSXItZZaJIsC+Vmn5UKbxwZemBAY BHN3zi4PdGi/z+NlHHKXXr36UgyGpzjVWM6OpQpNAXQKWLRYA6/zFxFxTrCtn/qS r+O9G85fUuVtfiwx5wKU8uMiSYsrFdWyvc/HwbRWMSjNHUMYl6O3Sb8SeE2XJUUx ZUs4/XZdc763H8tJbdeZ+qdWmZf1lLIJ7hpckOttk8qQkP/e1nGtMpojSRoLs3fc cpV+JI1IvTwp+ytvGNTcbPL0C5qxcKmxTzUVk2iPFj41L4K7hLvScg06vudB+ZnN q7DCvsY2ZO8M6L8ibOUXqnCOt0Yn9BZW2PwicH+Mn+G9s2hfa2Qx19CqaemCSjBF wrqXnQ1gtxpRnBxJwlKO2bvV70edx5muShTxEm933zfu+eZbR/Me/0bg8O0/a22F 3ZawSeiJATxHbAK3E/+b8EbRcxrFGimr0oX05NIk/6BICzu5QRT/wPTt5PlSTaXm cdBxsfbfX+R7+lXiVh9QSbJ9Jdx9UruliFDrdGaA8vTFOih1hXW//n2Dg3CZWdwg 2JSWp6yqMnG7/KQKDZMpYFdQCopLjaxtjIwkWiNiARtf3BLBwntbVUcKo6C/O4Rj gbNSCrZ4J2dH3J5pr5mEGzGAyuqE35NRWsqNq82LRWjx5UM5u0QyBO/Db8oWeqR3 9VNjuVm8k0g=7N1F -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring. Solution: The Service Telemetry Framework container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References). Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5

Trust: 1.89

sources: NVD: CVE-2019-25013 // VULMON: CVE-2019-25013 // PACKETSTORM: 162634 // PACKETSTORM: 163257 // PACKETSTORM: 163267 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 163406 // PACKETSTORM: 163789 // PACKETSTORM: 161254 // PACKETSTORM: 164192 // PACKETSTORM: 168011

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:broadcommodel:fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:gnumodel:glibcscope:lteversion:2.32

Trust: 1.0

vendor:netappmodel:a250scope:eqversion: -

Trust: 1.0

vendor:netappmodel:service processorscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:500fscope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

sources: NVD: CVE-2019-25013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-25013
value: MEDIUM

Trust: 1.0

VULMON: CVE-2019-25013
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-25013
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-25013
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-25013 // NVD: CVE-2019-25013

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2019-25013

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 168011

TYPE

overflow

Trust: 0.2

sources: PACKETSTORM: 163188 // PACKETSTORM: 161254

PATCH

title:Debian CVElist Bug Report Logs: glibc: CVE-2019-25013url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7073abdc63eae799f90555726b8fbe41

Trust: 0.1

title:Red Hat: Moderate: glibc security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210348 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1599url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1599

Trust: 0.1

title:Ubuntu Security Notice: USN-5768-1: GNU C Library vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5768-1

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-25013 log

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1511url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1511

Trust: 0.1

title:Arch Linux Advisories: [ASA-202102-18] glibc: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-18

Trust: 0.1

title:Arch Linux Advisories: [ASA-202102-17] lib32-glibc: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-17

Trust: 0.1

title:Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210607 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1605url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1605

Trust: 0.1

title:Ubuntu Security Notice: USN-5310-1: GNU C Library vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5310-1

Trust: 0.1

title:Red Hat: Important: Service Telemetry Framework 1.4 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225924 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=08f19f0be4d5dcf7486e5abcdb671477

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.10.3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220056 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2019-25013

Trust: 0.1

title:ecr-apiurl:https://github.com/YaleSpinup/ecr-api

Trust: 0.1

title:sanctionurl:https://github.com/ctc-oss/sanction

Trust: 0.1

title:release-the-code-litecoinurl:https://github.com/brandoncamenisch/release-the-code-litecoin

Trust: 0.1

title:interview_projecturl:https://github.com/domyrtille/interview_project

Trust: 0.1

title:trivy-multiscannerurl:https://github.com/onzack/trivy-multiscanner

Trust: 0.1

title:spring-boot-app-with-log4j-vulnurl:https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln

Trust: 0.1

title:giant-squidurl:https://github.com/dispera/giant-squid

Trust: 0.1

title:devops-demourl:https://github.com/epequeno/devops-demo

Trust: 0.1

title:spring-boot-app-using-gradleurl:https://github.com/nedenwalker/spring-boot-app-using-gradle

Trust: 0.1

title:xyz-solutionsurl:https://github.com/sauliuspr/xyz-solutions

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2019-25013

EXTERNAL IDS

db:NVDid:CVE-2019-25013

Trust: 2.1

db:VULMONid:CVE-2019-25013

Trust: 0.1

db:PACKETSTORMid:162634

Trust: 0.1

db:PACKETSTORMid:163257

Trust: 0.1

db:PACKETSTORMid:163267

Trust: 0.1

db:PACKETSTORMid:163188

Trust: 0.1

db:PACKETSTORMid:163496

Trust: 0.1

db:PACKETSTORMid:163406

Trust: 0.1

db:PACKETSTORMid:163789

Trust: 0.1

db:PACKETSTORMid:161254

Trust: 0.1

db:PACKETSTORMid:164192

Trust: 0.1

db:PACKETSTORMid:168011

Trust: 0.1

sources: VULMON: CVE-2019-25013 // PACKETSTORM: 162634 // PACKETSTORM: 163257 // PACKETSTORM: 163267 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 163406 // PACKETSTORM: 163789 // PACKETSTORM: 161254 // PACKETSTORM: 164192 // PACKETSTORM: 168011 // NVD: CVE-2019-25013

REFERENCES

url:https://security.gentoo.org/glsa/202107-07

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 1.0

url:https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3cdev.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4y6tx47p47kabsfol26fldnvcwxdkdez/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tvcunlq3hxgs4vpuqkwtjgraw2ktfgxs/

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20210205-0004/

Trust: 1.0

url:https://sourceware.org/bugzilla/show_bug.cgi?id=24973

Trust: 1.0

url:https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=ee7a3144c9922808181009b7b3e50e852fb4999b

Trust: 1.0

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1585

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2130

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/windows_containers/window

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33574

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28211

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10029

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0348

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3421

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3703

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9952

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.1

sources: PACKETSTORM: 162634 // PACKETSTORM: 163257 // PACKETSTORM: 163267 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 163406 // PACKETSTORM: 163789 // PACKETSTORM: 161254 // PACKETSTORM: 164192 // PACKETSTORM: 168011 // NVD: CVE-2019-25013

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 162634 // PACKETSTORM: 163257 // PACKETSTORM: 163267 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 163789 // PACKETSTORM: 161254 // PACKETSTORM: 164192 // PACKETSTORM: 168011

SOURCES

db:VULMONid:CVE-2019-25013
db:PACKETSTORMid:162634
db:PACKETSTORMid:163257
db:PACKETSTORMid:163267
db:PACKETSTORMid:163188
db:PACKETSTORMid:163496
db:PACKETSTORMid:163406
db:PACKETSTORMid:163789
db:PACKETSTORMid:161254
db:PACKETSTORMid:164192
db:PACKETSTORMid:168011
db:NVDid:CVE-2019-25013

LAST UPDATE DATE

2024-11-22T22:33:00.893000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-25013date:2023-11-09T00:00:00
db:NVDid:CVE-2019-25013date:2023-11-09T14:44:33.733

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-25013date:2021-01-04T00:00:00
db:PACKETSTORMid:162634date:2021-05-19T13:59:56
db:PACKETSTORMid:163257date:2021-06-23T15:44:15
db:PACKETSTORMid:163267date:2021-06-23T16:08:25
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:163496date:2021-07-14T15:02:07
db:PACKETSTORMid:163406date:2021-07-06T15:43:31
db:PACKETSTORMid:163789date:2021-08-11T16:15:17
db:PACKETSTORMid:161254date:2021-02-02T16:12:10
db:PACKETSTORMid:164192date:2021-09-17T16:04:56
db:PACKETSTORMid:168011date:2022-08-09T14:36:05
db:NVDid:CVE-2019-25013date:2021-01-04T18:15:13.027