Malware Devil

Tuesday, October 6, 2020

ESB-2020.3452 – [Appliance] IBM Security Access Manager: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3452
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere
             Liberty as shipped in IBM Security Access Manager
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4720 CVE-2019-4305 CVE-2019-4304

Reference:         ESB-2020.2622
                   ESB-2020.2199

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6343153

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Security Vulnerabilities fixed in IBM WebSphere Liberty as shipped in
IBM Security Access Manager

Security Bulletin

Summary

IBM Security Access Manager has shipped fixes for vulnerabilities that were
fixed in IBM Security WebSphere Liberty.

Vulnerability Details

CVEID: CVE-2019-4304
DESCRIPTION: IBM WebSphere Application Server - Liberty could allow a remote
attacker to bypass security restrictions caused by improper session validation.
IBM X-Force ID: 160950.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160950 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-4305
DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote
attacker to obtain sensitive information caused by the improper setting of a
cookie. IBM X-Force ID: 160951.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160951 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-4720
DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable to a denial of service, caused by sending a specially-crafted
request. A remote attacker could exploit this vulnerability to cause the server
to consume all available memory. IBM X-Force ID: 172125.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

+--------------------+----------+
|Affected Product(s) |Version(s)|
+--------------------+----------+
|ISAM                |9.0       |
+--------------------+----------+
|ISAM                |8.0       |
+--------------------+----------+

Remediation/Fixes

+---------------------------+-------+-------+-----------------------+
|Product Name               |VRMF   |APAR   |Remediation/First Fix  |
+---------------------------+-------+-------+-----------------------+
|IBM Security Access Manager|8.0.1  |IJ24609|8.0.1-ISS-WGA-FP0009   |
+---------------------------+-------+-------+-----------------------+
|IBM Security Access Manager|9.0.7.1|IJ24609|9.0.7.1-ISS-ISAM-IF0005|
+---------------------------+-------+-------+-----------------------+

Workarounds and Mitigations

None

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

ESB-2020.3450 – [RedHat] mariadb: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3450
rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mariadb
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Modify Arbitrary Files   -- Existing Account      
                   Denial of Service        -- Existing Account      
                   Access Confidential Data -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13249 CVE-2020-2922 CVE-2020-2814
                   CVE-2020-2812 CVE-2020-2780 CVE-2020-2760
                   CVE-2020-2752 CVE-2020-2574 CVE-2019-2974
                   CVE-2019-2938 CVE-2019-2805 CVE-2019-2758
                   CVE-2019-2740 CVE-2019-2739 CVE-2019-2737
                   CVE-2019-2628 CVE-2019-2627 CVE-2019-2614

Reference:         ASB-2020.0087
                   ESB-2020.3400
                   ESB-2020.3153
                   ESB-2019.4124

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4174

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-mariadb102-mariadb and rh-mariadb102-galera security and bug fix update
Advisory ID:       RHSA-2020:4174-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4174
Issue date:        2020-10-05
CVE Names:         CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 
                   CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 
                   CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 
                   CVE-2019-2974 CVE-2020-2574 CVE-2020-2752 
                   CVE-2020-2760 CVE-2020-2780 CVE-2020-2812 
                   CVE-2020-2814 CVE-2020-2922 CVE-2020-13249 
=====================================================================

1. Summary:

An update for rh-mariadb102-mariadb and rh-mariadb102-galera is now
available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server. For all
practical purposes, MariaDB is binary-compatible with MySQL.

The following packages have been upgraded to a later upstream version:
rh-mariadb102-mariadb (10.2.33), rh-mariadb102-galera (25.3.29).
(BZ#1880319, BZ#1880328)

Security Fix(es):

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
(CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr
2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul
2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
(CVE-2019-2805)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
(CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
(CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in a OK packet
received from server (CVE-2020-13249)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1702969 - CVE-2019-2614 mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
1702976 - CVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
1702977 - CVE-2019-2628 mysql: InnoDB unspecified vulnerability (CPU Apr 2019)
1731997 - CVE-2019-2737 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
1731999 - CVE-2019-2739 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)
1732000 - CVE-2019-2740 mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
1732008 - CVE-2019-2758 mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
1732025 - CVE-2019-2805 mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
1764680 - CVE-2019-2938 mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
1764691 - CVE-2019-2974 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
1798587 - CVE-2020-2574 mysql: C API unspecified vulnerability (CPU Jan 2020)
1830056 - CVE-2020-2780 mysql: Server: DML unspecified vulnerability (CPU Apr 2020)
1830059 - CVE-2020-2812 mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020)
1830060 - CVE-2020-2814 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1830082 - CVE-2020-2760 mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
1835849 - CVE-2020-2752 mysql: C API unspecified vulnerability (CPU Apr 2020)
1835850 - CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)
1839827 - CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server
1880319 - Tracker: MariaDB rebase to the latest version (10.2.33)
1880328 - Update Galera to the appropriate version (25.3.29)

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-mariadb102-galera-25.3.29-1.el6.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el6.src.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el6.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el6.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-mariadb102-galera-25.3.29-1.el6.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el6.src.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el6.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el6.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el6.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-mariadb102-galera-25.3.29-1.el7.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.src.rpm

aarch64:
rh-mariadb102-galera-25.3.29-1.el7.aarch64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.aarch64.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.aarch64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.aarch64.rpm

ppc64le:
rh-mariadb102-galera-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.ppc64le.rpm

s390x:
rh-mariadb102-galera-25.3.29-1.el7.s390x.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.s390x.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.s390x.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-mariadb102-galera-25.3.29-1.el7.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.src.rpm

ppc64le:
rh-mariadb102-galera-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.ppc64le.rpm

s390x:
rh-mariadb102-galera-25.3.29-1.el7.s390x.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.s390x.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.s390x.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-mariadb102-galera-25.3.29-1.el7.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.src.rpm

ppc64le:
rh-mariadb102-galera-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.ppc64le.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.ppc64le.rpm

s390x:
rh-mariadb102-galera-25.3.29-1.el7.s390x.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.s390x.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.s390x.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.s390x.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-mariadb102-galera-25.3.29-1.el7.src.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.src.rpm

x86_64:
rh-mariadb102-galera-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-galera-debuginfo-25.3.29-1.el7.x86_64.rpm
rh-mariadb102-mariadb-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-backup-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-bench-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-common-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-config-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-debuginfo-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-devel-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-errmsg-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-client-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-gssapi-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-oqgraph-engine-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-galera-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-server-utils-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-syspaths-10.2.33-1.el7.x86_64.rpm
rh-mariadb102-mariadb-test-10.2.33-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-2614
https://access.redhat.com/security/cve/CVE-2019-2627
https://access.redhat.com/security/cve/CVE-2019-2628
https://access.redhat.com/security/cve/CVE-2019-2737
https://access.redhat.com/security/cve/CVE-2019-2739
https://access.redhat.com/security/cve/CVE-2019-2740
https://access.redhat.com/security/cve/CVE-2019-2758
https://access.redhat.com/security/cve/CVE-2019-2805
https://access.redhat.com/security/cve/CVE-2019-2938
https://access.redhat.com/security/cve/CVE-2019-2974
https://access.redhat.com/security/cve/CVE-2020-2574
https://access.redhat.com/security/cve/CVE-2020-2752
https://access.redhat.com/security/cve/CVE-2020-2760
https://access.redhat.com/security/cve/CVE-2020-2780
https://access.redhat.com/security/cve/CVE-2020-2812
https://access.redhat.com/security/cve/CVE-2020-2814
https://access.redhat.com/security/cve/CVE-2020-2922
https://access.redhat.com/security/cve/CVE-2020-13249
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----


ESB-2020.3449 – [Linux][RedHat] rh-maven35-jackson-databind: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3449
                rh-maven35-jackson-databind security update
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-maven35-jackson-databind
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24750  

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4173

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Red Hat. It is recommended that administrators
         running rh-maven35-jackson-databind check for an updated version of
         the software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-maven35-jackson-databind security update
Advisory ID:       RHSA-2020:4173-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4173
Issue date:        2020-10-05
CVE Names:         CVE-2020-24750 
=====================================================================

1. Summary:

An update for rh-maven35-jackson-databind is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The jackson-databind package provides general data-binding functionality
for Jackson, which works on top of Jackson core streaming API.

Security Fix(es):

* jackson-databind: Serialization gadgets in
com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm

noarch:
rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm
rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm

noarch:
rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm
rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm

noarch:
rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm
rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-maven35-jackson-databind-2.7.6-2.11.el7.src.rpm

noarch:
rh-maven35-jackson-databind-2.7.6-2.11.el7.noarch.rpm
rh-maven35-jackson-databind-javadoc-2.7.6-2.11.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-24750
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----


ESB-2020.3448 – [RedHat] Red Hat Virtualization: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3448
     Red Hat Virtualization security, bug fix, and enhancement update
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Red Hat Virtualization
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14364 CVE-2020-10713 

Reference:         ESB-2020.3407

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4172

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4172-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4172
Issue date:        2020-10-05
CVE Names:         CVE-2020-10713 CVE-2020-14364 
=====================================================================

1. Summary:

An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host,
and redhat-virtualization-host is now available for Red Hat Virtualization
4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization
Host. These packages include redhat-release-virtualization-host,
ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are
installed using a special build of Red Hat Enterprise Linux with only the
packages required to host virtual machines. RHVH features a Cockpit user
interface for monitoring the host's resources and performing administrative
tasks. 

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These
packages include redhat-release-virtualization-host, ovirt-node, and
rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a
special build of Red Hat Enterprise Linux with only the packages required
to host virtual machines. RHVH features a Cockpit user interface for
monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version:
cockpit-ovirt (0.14.11), imgbased (1.2.12),
redhat-release-virtualization-host (4.4.2), redhat-virtualization-host
(4.4.2). (BZ#1875362, BZ#1878045)

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during
boot process (CVE-2020-10713)

* QEMU: usb: out-of-bounds r/w access issue while processing usb packets
(CVE-2020-14364)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1805589 - grub2-mkconfig produces incorrect config if host installed over iSCSI
1825243 - CVE-2020-10713 grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
1847547 - SSH connection disabled during ISO installation
1852721 - Installation of node will not quit when mountpoint has existing domain (VMs)
1859876 - imgbase check failed after register to engine
1868312 - Rebase RHV-H 4.4.2 on Ansible 2.9.12
1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets
1873049 - Require tested ansible-2.9.13 for ovirt-hosted-engine-setup in RHV Manager 4.4.2
1875362 - Upgrade cockpit-ovirt to 0.14.11

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
cockpit-ovirt-0.14.11-1.el8ev.src.rpm

noarch:
cockpit-ovirt-dashboard-0.14.11-1.el8ev.noarch.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:
redhat-virtualization-host-4.4.2-20200930.0.el8_2.src.rpm

noarch:
redhat-virtualization-host-image-update-4.4.2-20200930.0.el8_2.noarch.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:
imgbased-1.2.12-0.1.el8ev.src.rpm
redhat-release-virtualization-host-4.4.2-1.el8ev.src.rpm

noarch:
imgbased-1.2.12-0.1.el8ev.noarch.rpm
python3-imgbased-1.2.12-0.1.el8ev.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.4.2-1.el8ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.4.2-1.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10713
https://access.redhat.com/security/cve/CVE-2020-14364
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2020.3447 – [RedHat] qemu-kvm-rhev: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3447
                       qemu-kvm-rhev security update
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           qemu-kvm-rhev
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14364 CVE-2019-20382 

Reference:         ESB-2020.3344

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4167
   https://access.redhat.com/errata/RHSA-2020:4176

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2020:4167-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4167
Issue date:        2020-10-05
CVE Names:         CVE-2019-20382 CVE-2020-14364 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ppc64le, x86_64
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* usb: out-of-bounds r/w access issue while processing usb packets
(CVE-2020-14364)
* vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1810390 - CVE-2019-20382 QEMU: vnc: memory leakage upon disconnect
1856805 - Update qemu-kvm-rhev for RHEL 7.9 compatibility
1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:
qemu-kvm-rhev-2.12.0-18.el7_6.12.src.rpm

x86_64:
qemu-img-rhev-2.12.0-18.el7_6.12.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-18.el7_6.12.x86_64.rpm
qemu-kvm-rhev-2.12.0-18.el7_6.12.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-18.el7_6.12.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-18.el7_6.12.x86_64.rpm

Red Hat OpenStack Platform 13.0:

Source:
qemu-kvm-rhev-2.12.0-48.el7_9.1.src.rpm

ppc64le:
qemu-img-rhev-2.12.0-48.el7_9.1.ppc64le.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.1.ppc64le.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.1.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.1.ppc64le.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.1.ppc64le.rpm

x86_64:
qemu-img-rhev-2.12.0-48.el7_9.1.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-48.el7_9.1.x86_64.rpm
qemu-kvm-rhev-2.12.0-48.el7_9.1.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.1.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-48.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20382
https://access.redhat.com/security/cve/CVE-2020-14364
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2020:4176-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4176
Issue date:        2020-10-05
CVE Names:         CVE-2020-14364 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
10 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* usb: out-of-bounds r/w access issue while processing usb packets
(CVE-2020-14364)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1869201 - CVE-2020-14364 QEMU: usb: out-of-bounds r/w access issue while processing usb packets

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
qemu-kvm-rhev-2.12.0-33.el7_7.12.src.rpm

x86_64:
qemu-img-rhev-2.12.0-33.el7_7.12.x86_64.rpm
qemu-kvm-common-rhev-2.12.0-33.el7_7.12.x86_64.rpm
qemu-kvm-rhev-2.12.0-33.el7_7.12.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.12.0-33.el7_7.12.x86_64.rpm
qemu-kvm-tools-rhev-2.12.0-33.el7_7.12.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-14364
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


The post ESB-2020.3447 – [RedHat] qemu-kvm-rhev: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/06/esb-2020-3447-redhat-qemu-kvm-rhev-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3447-redhat-qemu-kvm-rhev-multiple-vulnerabilities

ESB-2020.3445 – [Ubuntu] Yaws: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3445
                     USN-4569-1: Yaws vulnerabilities
                              6 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Yaws
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24916 CVE-2020-24379 

Reference:         ESB-2020.3322

Original Bulletin: 
   https://usn.ubuntu.com/4569-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4569-1: Yaws vulnerabilities
05 October 2020

Several security issues were fixed in Yaws.
Releases

  o Ubuntu 18.04 LTS

Packages

  o yaws - High performance HTTP 1.1 webserver written in Erlang

Details

It was discovered that Yaws did not properly sanitize XML input. A remote
attacker could use this vulnerability to execute an XML External Entity
(XXE) injection attack. (CVE-2020-24379)

It was discovered that Yaws mishandled certain input when running CGI
scripts. A remote attacker could use this vulnerability to execute
arbitrary commands. (CVE-2020-24916)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 18.04

  o erlang-yapp - 2.0.4+dfsg-2ubuntu0.1
  o erlang-yaws - 2.0.4+dfsg-2ubuntu0.1
  o yaws - 2.0.4+dfsg-2ubuntu0.1
  o yaws-mail - 2.0.4+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2020-24916
  o CVE-2020-24379

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


The post ESB-2020.3445 – [Ubuntu] Yaws: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/06/esb-2020-3445-ubuntu-yaws-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3445-ubuntu-yaws-multiple-vulnerabilities

The Power of True Peer-to-Peer Collaboration – Parham Eftekhari – BSW #190

Parham Eftekhari provides an overview of the Cybersecurity Collaborative and why the nation’s top CISOs are rediscovering the power of true peer-to-peer collaboration.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw190

The post The Power of True Peer-to-Peer Collaboration – Parham Eftekhari – BSW #190 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/06/the-power-of-true-peer-to-peer-collaboration-parham-eftekhari-bsw-190/?utm_source=rss&utm_medium=rss&utm_campaign=the-power-of-true-peer-to-peer-collaboration-parham-eftekhari-bsw-190

Network Security News Summary for Tuesday October 6 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Tuesday October 6 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/06/network-security-news-summary-for-tuesday-october-6-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-october-6-2020

Monday, October 5, 2020

Why Employees Aren’t Really “Getting” Your Cybersecurity Training

The post Why Employees Aren’t Really “Getting” Your Cybersecurity Training appeared first on Digital Defense, Inc.

The post Why Employees Aren’t Really “Getting” Your Cybersecurity Training appeared first on Security Boulevard.


The post Why Employees Aren’t Really “Getting” Your Cybersecurity Training appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/why-employees-arent-really-getting-your-cybersecurity-training/?utm_source=rss&utm_medium=rss&utm_campaign=why-employees-arent-really-getting-your-cybersecurity-training

Time to prepare for increased U.S.-China tensions in cyberspace 

Last week, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to critical infrastructure owners and operators across the United States to be vigilant for potential Chinese cyberspace operations given heightened tensions between the two countries. What does the CISA alert recommend, and why is it important to follow it? 

The post Time to prepare for increased U.S.-China tensions in cyberspace  appeared first on AttackIQ.

The post Time to prepare for increased U.S.-China tensions in cyberspace  appeared first on Security Boulevard.


The post Time to prepare for increased U.S.-China tensions in cyberspace  appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/time-to-prepare-for-increased-u-s-china-tensions-in-cyberspace/?utm_source=rss&utm_medium=rss&utm_campaign=time-to-prepare-for-increased-u-s-china-tensions-in-cyberspace

John McAfee Indicted on Tax Charges

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15237
PUBLISHED: 2020-10-05

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it’s possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using `Rack::Utils.secure_compare`….

CVE-2020-16226
PUBLISHED: 2020-10-05

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

CVE-2020-15235
PUBLISHED: 2020-10-05

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.

CVE-2020-24231
PUBLISHED: 2020-10-05

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads t…

CVE-2020-15236
PUBLISHED: 2020-10-05

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is onl…

The post John McAfee Indicted on Tax Charges appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/john-mcafee-indicted-on-tax-charges/?utm_source=rss&utm_medium=rss&utm_campaign=john-mcafee-indicted-on-tax-charges

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...