This page shows the package changes from 4.6.0.1 to 4.7.0.1 some for security reasons and the CVEs.
Deliverable | Name |
|---|---|
| netboot | esi-4.7 |
| OVAs | |
| upgrade | asset_manager_update-4.7.0.1.da7454b-20230126.tgz |
CVEs and the new package and RPM that resolves each
CVE | New RPM | PKG | DESCRIPTION |
|---|---|---|---|
CVE-2018-5745 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. |
CVE-2018-5745 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. |
CVE-2018-5745 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. |
CVE-2018-5745 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. |
CVE-2018-5745 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. |
CVE-2020-8616 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. |
CVE-2020-8616 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. |
CVE-2020-8616 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. |
CVE-2020-8616 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. |
CVE-2020-8616 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. |
CVE-2020-8617 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
CVE-2020-8617 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
CVE-2020-8617 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
CVE-2020-8617 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
CVE-2020-8617 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. |
CVE-2021-25215 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
CVE-2021-25215 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
CVE-2021-25215 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
CVE-2021-25215 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
CVE-2021-25215 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. |
CVE-2020-8623 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | In BIND 9.10.0 > 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "-enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker |
CVE-2020-8623 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | In BIND 9.10.0 > 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "-enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker |
CVE-2020-8623 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | In BIND 9.10.0 > 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "-enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker |
CVE-2020-8623 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | In BIND 9.10.0 > 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "-enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker |
CVE-2020-8623 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | In BIND 9.10.0 > 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "-enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker |
CVE-2020-8622 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. |
CVE-2020-8622 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. |
CVE-2020-8622 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. |
CVE-2020-8622 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. |
CVE-2020-8622 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. |
CVE-2020-8625 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
CVE-2020-8625 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
CVE-2020-8625 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
CVE-2020-8625 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
CVE-2020-8625 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch |
CVE-2022-38178 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38178 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38178 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38178 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38178 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2019-6465 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. |
CVE-2019-6465 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. |
CVE-2019-6465 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. |
CVE-2019-6465 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. |
CVE-2019-6465 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. |
CVE-2022-38177 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38177 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38177 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38177 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2022-38177 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. |
CVE-2019-6477 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). |
CVE-2019-6477 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). |
CVE-2019-6477 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). |
CVE-2019-6477 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). |
CVE-2019-6477 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem). |
CVE-2020-8624 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. |
CVE-2020-8624 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. |
CVE-2020-8624 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. |
CVE-2020-8624 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. |
CVE-2020-8624 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. |
CVE-2021-25214 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-export-libs | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
CVE-2021-25214 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
CVE-2021-25214 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 | bind-libs-lite | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
CVE-2021-25214 | bind-license-9.11.4-26.P2.el7_9.10.noarch | bind-license | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
CVE-2021-25214 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 | bind-utils | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. |
CVE-2022-24407 | cyrus-sasl-2.1.26-24.el7_9.x86_64 | cyrus-sasl | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
CVE-2022-24407 | cyrus-sasl-lib-2.1.26-24.el7_9.x86_64 | cyrus-sasl-lib | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
CVE-2021-25217 | dhclient-4.2.5-83.el7.centos.1.x86_64 | dhclient | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. |
CVE-2021-25217 | dhcp-common-4.2.5-83.el7.centos.1.x86_64 | dhcp-common | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. |
CVE-2021-25217 | dhcp-libs-4.2.5-83.el7.centos.1.x86_64 | dhcp-libs | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. |
CVE-2022-1271 | gzip-1.5-11.el7_9.x86_64 | gzip | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
CVE-2022-1271 | xz-5.2.2-2.el7_9.x86_64 | xz | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
CVE-2022-1271 | xz-devel-5.2.2-2.el7_9.x86_64 | xz-devel | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
CVE-2022-1271 | xz-libs-5.2.2-2.el7_9.x86_64 | xz-libs | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
CVE-2019-11068 | libxslt-1.1.28-6.el7.x86_64 | libxslt | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
CVE-2019-18197 | libxslt-1.1.28-6.el7.x86_64 | libxslt | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. |
CVE-2020-25709 | openldap-2.4.44-25.el7_9.x86_64 | openldap | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. |
CVE-2020-25709 | openldap-clients-2.4.44-25.el7_9.x86_64 | openldap-clients | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. |
CVE-2020-25710 | openldap-2.4.44-25.el7_9.x86_64 | openldap | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. |
CVE-2020-25710 | openldap-clients-2.4.44-25.el7_9.x86_64 | openldap-clients | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. |
CVE-2021-41617 | openssh-7.4p1-22.el7_9.x86_64 | openssh | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. |
CVE-2021-41617 | openssh-clients-7.4p1-22.el7_9.x86_64 | openssh-clients | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. |
CVE-2021-41617 | openssh-server-7.4p1-22.el7_9.x86_64 | openssh-server | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. |
CVE-2021-37750 | krb5-devel-1.15.1-54.el7_9.x86_64 | krb5-devel | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
CVE-2021-37750 | krb5-libs-1.15.1-54.el7_9.x86_64 | krb5-libs | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
CVE-2021-37750 | krb5-workstation-1.15.1-54.el7_9.x86_64 | krb5-workstation | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
CVE-2021-37750 | libkadm5-1.15.1-54.el7_9.x86_64 | libkadm5 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
CVE-2022-31676 | open-vm-tools-11.0.5-3.el7_9.4.x86_64 | open-vm-tools | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. |
CVE-2020-24511 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2020-24489 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2021-0145 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2021-33120 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. |
CVE-2020-24513 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2021-0127 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. |
CVE-2020-24512 | microcode_ctl-2.1-73.13.el7_9.x86_64 | microcode_ctl | Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2022-2078 | openssl-1.0.2k-25.el7_9.x86_64 | openssl | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. |
CVE-2022-2078 | openssl-devel-1.0.2k-25.el7_9.x86_64 | openssl-devel | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. |
CVE-2022-2078 | openssl-libs-1.0.2k-25.el7_9.x86_64 | openssl-libs | A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. |
cve-2021-3712 | openssl-1.0.2k-25.el7_9.x86_64 | openssl | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
cve-2021-3712 | openssl-devel-1.0.2k-25.el7_9.x86_64 | openssl-devel | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
cve-2021-3712 | openssl-libs-1.0.2k-25.el7_9.x86_64 | openssl-libs | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
CVE-2021-23841 | openssl-1.0.2k-25.el7_9.x86_64 | openssl | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-23841 | openssl-devel-1.0.2k-25.el7_9.x86_64 | openssl-devel | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-23841 | openssl-libs-1.0.2k-25.el7_9.x86_64 | openssl-libs | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-23840 | openssl-1.0.2k-25.el7_9.x86_64 | openssl | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-23840 | openssl-devel-1.0.2k-25.el7_9.x86_64 | openssl-devel | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-23840 | openssl-libs-1.0.2k-25.el7_9.x86_64 | openssl-libs | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
CVE-2021-3712 | openssl-1.0.2k-25.el7_9.x86_64 | openssl | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
CVE-2021-3712 | openssl-devel-1.0.2k-25.el7_9.x86_64 | openssl-devel | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
CVE-2021-3712 | openssl-libs-1.0.2k-25.el7_9.x86_64 | openssl-libs | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
CVE-2018-25032 | zlib-1.2.7-20.el7_9.x86_64 | zlib | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CVE-2018-25032 | zlib-devel-1.2.7-20.el7_9.x86_64 | zlib-devel | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CVE-2021-20271 | rpm-4.11.3-48.el7_9.x86_64 | rpm | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
CVE-2021-20271 | rpm-build-libs-4.11.3-48.el7_9.x86_64 | rpm-build-libs | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
CVE-2021-20271 | rpm-devel-4.11.3-48.el7_9.x86_64 | rpm-devel | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
CVE-2021-20271 | rpm-libs-4.11.3-48.el7_9.x86_64 | rpm-libs | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
CVE-2021-20271 | rpm-python-4.11.3-48.el7_9.x86_64 | rpm-python | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
CVE-2022-24903 | rsyslog-8.24.0-57.el7_9.3.x86_64 | rsyslog | Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. |
CVE-2018-19519 | tcpdump-4.9.2-4.el7_7.1.x86_64 | tcpdump | In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. |
Packages Updated for Security Reasons
Old Package | New Package |
|---|---|
acl-2.2.51-14.el7.x86_64 | acl-2.2.51-15.el7.x86_64 |
apr-1.4.8-5.el7.x86_64 | apr-1.4.8-7.el7.x86_64 |
at-3.1.13-24.el7.x86_64 | at-3.1.13-25.el7_9.x86_64 |
bash-4.2.46-34.el7.x86_64 | bash-4.2.46-35.el7_9.x86_64 |
bind-export-libs-9.11.4-9.P2.el7.x86_64 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 |
bind-libs-9.11.4-9.P2.el7.x86_64 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 |
bind-libs-lite-9.11.4-9.P2.el7.x86_64 | bind-libs-lite-9.11.4-26.P2.el7_9.10.x86_64 |
bind-license-9.11.4-9.P2.el7.noarch | bind-license-9.11.4-26.P2.el7_9.10.noarch |
bind-utils-9.11.4-9.P2.el7.x86_64 | bind-utils-9.11.4-26.P2.el7_9.10.x86_64 |
binutils-2.27-41.base.el7.x86_64 | binutils-2.27-44.base.el7_9.1.x86_64 |
boost-date-time-1.53.0-27.el7.x86_64 | boost-date-time-1.53.0-28.el7.x86_64 |
boost-system-1.53.0-27.el7.x86_64 | boost-system-1.53.0-28.el7.x86_64 |
boost-thread-1.53.0-27.el7.x86_64 | boost-thread-1.53.0-28.el7.x86_64 |
ca-certificates-2018.2.22-70.0.el7_5.noarch | ca-certificates-2021.2.50-72.el7_9.noarch |
centos-release-7-7.1908.0.el7.centos.x86_64 | centos-release-7-9.2009.1.el7.centos.x86_64 |
chkconfig-1.7.4-1.el7.x86_64 | chkconfig-1.7.6-1.el7.x86_64 |
coreutils-8.22-24.el7.x86_64 | coreutils-8.22-24.el7_9.2.x86_64 |
cronie-1.4.11-23.el7.x86_64 | cronie-1.4.11-24.el7_9.x86_64 |
cronie-anacron-1.4.11-23.el7.x86_64 | cronie-anacron-1.4.11-24.el7_9.x86_64 |
cryptsetup-2.0.3-5.el7.x86_64 | cryptsetup-2.0.3-6.el7.x86_64 |
cryptsetup-libs-2.0.3-5.el7.x86_64 | cryptsetup-libs-2.0.3-6.el7.x86_64 |
cyrus-sasl-2.1.26-23.el7.x86_64 | cyrus-sasl-2.1.26-24.el7_9.x86_64 |
cyrus-sasl-lib-2.1.26-23.el7.x86_64 | cyrus-sasl-lib-2.1.26-24.el7_9.x86_64 |
device-mapper-1.02.158-2.el7.x86_64 | device-mapper-1.02.170-6.el7_9.5.x86_64 |
device-mapper-event-1.02.158-2.el7.x86_64 | device-mapper-event-1.02.170-6.el7_9.5.x86_64 |
device-mapper-event-libs-1.02.158-2.el7.x86_64 | device-mapper-event-libs-1.02.170-6.el7_9.5.x86_64 |
device-mapper-libs-1.02.158-2.el7.x86_64 | device-mapper-libs-1.02.170-6.el7_9.5.x86_64 |
device-mapper-persistent-data-0.8.5-1.el7.x86_64 | device-mapper-persistent-data-0.8.5-3.el7_9.2.x86_64 |
dhclient-4.2.5-77.el7.centos.x86_64 | dhclient-4.2.5-83.el7.centos.1.x86_64 |
dhcp-common-4.2.5-77.el7.centos.x86_64 | dhcp-common-4.2.5-83.el7.centos.1.x86_64 |
dhcp-libs-4.2.5-77.el7.centos.x86_64 | dhcp-libs-4.2.5-83.el7.centos.1.x86_64 |
dmidecode-3.2-3.el7.x86_64 | dmidecode-3.2-5.el7_9.1.x86_64 |
dracut-033-564.el7.x86_64 | dracut-033-572.el7.x86_64 |
dracut-config-rescue-033-564.el7.x86_64 | dracut-config-rescue-033-572.el7.x86_64 |
dracut-fips-033-564.el7.x86_64 | dracut-fips-033-572.el7.x86_64 |
dracut-network-033-564.el7.x86_64 | dracut-network-033-572.el7.x86_64 |
elfutils-default-yama-scope-0.176-2.el7.noarch | elfutils-default-yama-scope-0.176-5.el7.noarch |
elfutils-devel-0.176-2.el7.x86_64 | elfutils-devel-0.176-5.el7.x86_64 |
elfutils-libelf-0.176-2.el7.x86_64 | elfutils-libelf-0.176-5.el7.x86_64 |
elfutils-libelf-devel-0.176-2.el7.x86_64 | elfutils-libelf-devel-0.176-5.el7.x86_64 |
elfutils-libs-0.176-2.el7.x86_64 | elfutils-libs-0.176-5.el7.x86_64 |
glibc-2.17-323.el7_9.x86_64 | glibc-2.17-326.el7_9.x86_64 |
glibc-common-2.17-323.el7_9.x86_64 | glibc-common-2.17-326.el7_9.x86_64 |
glibc-devel-2.17-323.el7_9.x86_64 | glibc-devel-2.17-326.el7_9.x86_64 |
glibc-headers-2.17-323.el7_9.x86_64 | glibc-headers-2.17-326.el7_9.x86_64 |
grub2-2.02-0.87.el7.centos.6.x86_64 | grub2-2.02-0.87.0.1.el7.centos.9.x86_64 |
grub2-common-2.02-0.87.el7.centos.6.noarch | grub2-common-2.02-0.87.0.1.el7.centos.9.noarch |
grub2-pc-2.02-0.87.el7.centos.6.x86_64 | grub2-pc-2.02-0.87.0.1.el7.centos.9.x86_64 |
grub2-pc-modules-2.02-0.87.el7.centos.6.noarch | grub2-pc-modules-2.02-0.87.0.1.el7.centos.9.noarch |
grub2-tools-2.02-0.87.el7.centos.6.x86_64 | grub2-tools-2.02-0.87.0.1.el7.centos.9.x86_64 |
grub2-tools-extra-2.02-0.87.el7.centos.6.x86_64 | grub2-tools-extra-2.02-0.87.0.1.el7.centos.9.x86_64 |
grub2-tools-minimal-2.02-0.87.el7.centos.6.x86_64 | grub2-tools-minimal-2.02-0.87.0.1.el7.centos.9.x86_64 |
gzip-1.5-10.el7.x86_64 | gzip-1.5-11.el7_9.x86_64 |
hostname-3.13-3.el7.x86_64 | hostname-3.13-3.el7_7.1.x86_64 |
hwdata-0.252-9.3.el7.x86_64 | hwdata-0.252-9.7.el7.x86_64 |
iproute-4.11.0-25.el7.x86_64 | iproute-4.11.0-30.el7.x86_64 |
iprutils-2.4.17.1-2.el7.x86_64 | iprutils-2.4.17.1-3.el7_7.x86_64 |
iptables-1.4.21-33.el7.x86_64 | iptables-1.4.21-35.el7.x86_64 |
iptables-services-1.4.21-33.el7.x86_64 | iptables-services-1.4.21-35.el7.x86_64 |
jsvc-1.0.13-1.x86_64 | jsvc-1.3.2-1.x86_64 |
kbd-1.15.5-15.el7.x86_64 | kbd-1.15.5-16.el7_9.x86_64 |
kbd-legacy-1.15.5-15.el7.noarch | kbd-legacy-1.15.5-16.el7_9.noarch |
kbd-misc-1.15.5-15.el7.noarch | kbd-misc-1.15.5-16.el7_9.noarch |
kernel-3.10.0-1160.76.1.el7.x86_64 | kernel-3.10.0-1160.71.1.el7.x86_64 |
kernel-devel-3.10.0-1160.76.1.el7.x86_64 | kernel-devel-3.10.0-1160.71.1.el7.x86_64 |
kernel-headers-3.10.0-1160.76.1.el7.x86_64 | kernel-headers-3.10.0-1160.71.1.el7.x86_64 |
kernel-tools-3.10.0-1160.76.1.el7.x86_64 | kernel-tools-3.10.0-1160.71.1.el7.x86_64 |
kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64 | kernel-tools-libs-3.10.0-1160.71.1.el7.x86_64 |
kexec-tools-2.0.15-33.el7.x86_64 | kexec-tools-2.0.15-51.el7_9.3.x86_64 |
kmod-20-25.el7.x86_64 | kmod-20-28.el7.x86_64 |
kmod-libs-20-25.el7.x86_64 | kmod-libs-20-28.el7.x86_64 |
kpartx-0.4.9-127.el7.x86_64 | kpartx-0.4.9-135.el7_9.x86_64 |
krb5-devel-1.15.1-37.el7_6.x86_64 | krb5-devel-1.15.1-54.el7_9.x86_64 |
krb5-libs-1.15.1-37.el7_6.x86_64 | krb5-libs-1.15.1-54.el7_9.x86_64 |
krb5-workstation-1.15.1-37.el7_6.x86_64 | krb5-workstation-1.15.1-54.el7_9.x86_64 |
libacl-2.2.51-14.el7.x86_64 | libacl-2.2.51-15.el7.x86_64 |
libblkid-2.23.2-61.el7.x86_64 | libblkid-2.23.2-65.el7_9.1.x86_64 |
libcap-2.22-10.el7.x86_64 | libcap-2.22-11.el7.x86_64 |
libffi-3.0.13-18.el7.x86_64 | libffi-3.0.13-19.el7.x86_64 |
libgcc-4.8.5-39.el7.x86_64 | libgcc-4.8.5-44.el7.x86_64 |
libgomp-4.8.5-39.el7.x86_64 | libgomp-4.8.5-44.el7.x86_64 |
libjpeg-turbo-1.2.90-8.el7.x86_64 | libkadm5-1.15.1-54.el7_9.x86_64 |
libmount-2.23.2-61.el7.x86_64 | libmount-2.23.2-65.el7_9.1.x86_64 |
libpcap-1.5.3-11.el7.x86_64 | libpcap-1.5.3-13.el7_9.x86_64 |
libseccomp-2.3.1-3.el7.x86_64 | libseccomp-2.3.1-4.el7.x86_64 |
libselinux-2.5-14.1.el7.x86_64 | libselinux-2.5-15.el7.x86_64 |
libselinux-devel-2.5-14.1.el7.x86_64 | libselinux-devel-2.5-15.el7.x86_64 |
libselinux-python-2.5-14.1.el7.x86_64 | libselinux-python-2.5-15.el7.x86_64 |
libselinux-utils-2.5-14.1.el7.x86_64 | libselinux-utils-2.5-15.el7.x86_64 |
libsmartcols-2.23.2-61.el7.x86_64 | libsmartcols-2.23.2-65.el7_9.1.x86_64 |
libstdc++-4.8.5-39.el7.x86_64 | libstdc++-4.8.5-44.el7.x86_64 |
libteam-1.27-9.el7.x86_64 | libteam-1.29-3.el7.x86_64 |
libuuid-2.23.2-61.el7.x86_64 | libuuid-2.23.2-65.el7_9.1.x86_64 |
libwbclient-4.10.16-18.el7_9.x86_64 | libwbclient-4.10.16-19.el7_9.x86_64 |
libxslt-1.1.28-5.el7.x86_64 | libxslt-1.1.28-6.el7.x86_64 |
linux-firmware-20190429-72.gitddde598.el7.noarch | linux-firmware-20200421-80.git78c0348.el7_9.noarch |
logrotate-3.8.6-17.el7.x86_64 | logrotate-3.8.6-19.el7.x86_64 |
lshw-B.02.18-13.el7.x86_64 | lshw-B.02.18-17.el7.x86_64 |
lvm2-2.02.185-2.el7.x86_64 | lvm2-2.02.187-6.el7_9.5.x86_64 |
lvm2-libs-2.02.185-2.el7.x86_64 | lvm2-libs-2.02.187-6.el7_9.5.x86_64 |
lz4-1.7.5-3.el7.x86_64 | lz4-1.8.3-1.el7.x86_64 |
mesa-libEGL-18.3.4-5.el7.x86_64 | mesa-libEGL-18.3.4-12.el7_9.x86_64 |
mesa-libGL-18.3.4-5.el7.x86_64 | mesa-libGL-18.3.4-12.el7_9.x86_64 |
mesa-libgbm-18.3.4-5.el7.x86_64 | mesa-libgbm-18.3.4-12.el7_9.x86_64 |
mesa-libglapi-18.3.4-5.el7.x86_64 | mesa-libglapi-18.3.4-12.el7_9.x86_64 |
microcode_ctl-2.1-73.8.el7_9.x86_64 | microcode_ctl-2.1-73.13.el7_9.x86_64 |
net-snmp-5.7.2-49.el7_9.1.x86_64 | net-snmp-5.7.2-49.el7_9.2.x86_64 |
net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 | net-snmp-agent-libs-5.7.2-49.el7_9.2.x86_64 |
net-snmp-devel-5.7.2-49.el7_9.1.x86_64 | net-snmp-devel-5.7.2-49.el7_9.2.x86_64 |
net-snmp-libs-5.7.2-49.el7_9.1.x86_64 | net-snmp-libs-5.7.2-49.el7_9.2.x86_64 |
net-snmp-perl-5.7.2-49.el7_9.1.x86_64 | net-snmp-perl-5.7.2-49.el7_9.2.x86_64 |
net-snmp-utils-5.7.2-49.el7_9.1.x86_64 | net-snmp-utils-5.7.2-49.el7_9.2.x86_64 |
nscd-2.17-323.el7_9.x86_64 | nscd-2.17-326.el7_9.x86_64 |
nss-pam-ldapd-0.8.13-16.el7_6.1.x86_64 | nss-pam-ldapd-0.8.13-25.el7.x86_64 |
numactl-libs-2.0.12-3.el7.x86_64 | numactl-libs-2.0.12-5.el7.x86_64 |
open-vm-tools-10.3.0-2.el7.x86_64 | open-vm-tools-11.0.5-3.el7_9.4.x86_64 |
openldap-2.4.44-23.el7_9.x86_64 | openldap-2.4.44-25.el7_9.x86_64 |
openldap-clients-2.4.44-23.el7_9.x86_64 | openldap-clients-2.4.44-25.el7_9.x86_64 |
openssh-7.4p1-21.el7.x86_64 | openssh-7.4p1-22.el7_9.x86_64 |
openssh-clients-7.4p1-21.el7.x86_64 | openssh-clients-7.4p1-22.el7_9.x86_64 |
openssh-server-7.4p1-21.el7.x86_64 | openssh-server-7.4p1-22.el7_9.x86_64 |
openssl-1.0.2k-21.el7_9.x86_64 | openssl-1.0.2k-25.el7_9.x86_64 |
openssl-devel-1.0.2k-21.el7_9.x86_64 | openssl-devel-1.0.2k-25.el7_9.x86_64 |
openssl-libs-1.0.2k-21.el7_9.x86_64 | openssl-libs-1.0.2k-25.el7_9.x86_64 |
pam-1.1.8-22.el7.x86_64 | pam-1.1.8-23.el7.x86_64 |
parted-3.1-31.el7.x86_64 | parted-3.1-32.el7.x86_64 |
passwd-0.79-5.el7.x86_64 | passwd-0.79-6.el7.x86_64 |
perf-3.10.0-1160.76.1.el7.x86_64 | perf-3.10.0-1160.71.1.el7.x86_64 |
perl-DBD-Pg-2.19.3-4.el7.x86_64 | perl-DBD-Pg-2.19.3-5.el7_9.x86_64 |
perl-Socket-2.010-4.el7.x86_64 | perl-Socket-2.010-5.el7.x86_64 |
perl-version-0.99.07-3.el7.x86_64 | perl-version-0.99.07-6.el7.x86_64 |
plymouth-0.8.9-0.32.20140113.el7.centos.x86_64 | plymouth-0.8.9-0.34.20140113.el7.centos.x86_64 |
plymouth-core-libs-0.8.9-0.32.20140113.el7.centos.x86_64 | plymouth-core-libs-0.8.9-0.34.20140113.el7.centos.x86_64 |
plymouth-scripts-0.8.9-0.32.20140113.el7.centos.x86_64 | plymouth-scripts-0.8.9-0.34.20140113.el7.centos.x86_64 |
postfix-2.10.1-7.el7.x86_64 | postfix-2.10.1-9.el7.x86_64 |
postgresql13-13.6-1PGDG.rhel7.x86_64 | postgresql13-13.9-1PGDG.rhel7.x86_64 |
postgresql13-contrib-13.6-1PGDG.rhel7.x86_64 | postgresql13-contrib-13.9-1PGDG.rhel7.x86_64 |
postgresql13-libs-13.6-1PGDG.rhel7.x86_64 | postgresql13-libs-13.9-1PGDG.rhel7.x86_64 |
postgresql13-llvmjit-13.6-1PGDG.rhel7.x86_64 | postgresql13-llvmjit-13.9-1PGDG.rhel7.x86_64 |
postgresql13-plpython3-13.6-1PGDG.rhel7.x86_64 | postgresql13-plpython3-13.9-1PGDG.rhel7.x86_64 |
postgresql13-server-13.6-1PGDG.rhel7.x86_64 | postgresql13-server-13.9-1PGDG.rhel7.x86_64 |
procps-ng-3.3.10-26.el7.x86_64 | procps-ng-3.3.10-28.el7.x86_64 |
psmisc-22.20-16.el7.x86_64 | psmisc-22.20-17.el7.x86_64 |
rpm-4.11.3-45.el7.x86_64 | rpm-4.11.3-48.el7_9.x86_64 |
rpm-build-libs-4.11.3-45.el7.x86_64 | rpm-build-libs-4.11.3-48.el7_9.x86_64 |
rpm-devel-4.11.3-45.el7.x86_64 | rpm-devel-4.11.3-48.el7_9.x86_64 |
rpm-libs-4.11.3-45.el7.x86_64 | rpm-libs-4.11.3-48.el7_9.x86_64 |
rpm-python-4.11.3-45.el7.x86_64 | rpm-python-4.11.3-48.el7_9.x86_64 |
rsyslog-8.24.0-52.el7_8.2.x86_64 | rsyslog-8.24.0-57.el7_9.3.x86_64 |
samba-4.10.16-18.el7_9.x86_64 | samba-4.10.16-19.el7_9.x86_64 |
samba-client-libs-4.10.16-18.el7_9.x86_64 | samba-client-libs-4.10.16-19.el7_9.x86_64 |
samba-common-4.10.16-18.el7_9.noarch | samba-common-4.10.16-19.el7_9.noarch |
samba-common-libs-4.10.16-18.el7_9.x86_64 | samba-common-libs-4.10.16-19.el7_9.x86_64 |
samba-common-tools-4.10.16-18.el7_9.x86_64 | samba-common-tools-4.10.16-19.el7_9.x86_64 |
samba-libs-4.10.16-18.el7_9.x86_64 | samba-libs-4.10.16-19.el7_9.x86_64 |
samba-winbind-4.10.16-18.el7_9.x86_64 | samba-winbind-4.10.16-19.el7_9.x86_64 |
samba-winbind-clients-4.10.16-18.el7_9.x86_64 | samba-winbind-clients-4.10.16-19.el7_9.x86_64 |
samba-winbind-modules-4.10.16-18.el7_9.x86_64 | samba-winbind-modules-4.10.16-19.el7_9.x86_64 |
sed-4.2.2-5.el7.x86_64 | sed-4.2.2-7.el7.x86_64 |
selinux-policy-3.13.1-252.el7.noarch | selinux-policy-3.13.1-268.el7_9.2.noarch |
selinux-policy-targeted-3.13.1-252.el7.noarch | selinux-policy-targeted-3.13.1-268.el7_9.2.noarch |
setroubleshoot-server-3.2.30-7.el7.x86_64 | setroubleshoot-server-3.2.30-8.el7.x86_64 |
setup-2.8.71-10.el7.noarch | setup-2.8.71-11.el7.noarch |
sg3_utils-1.37-18.el7.x86_64 | sg3_utils-1.37-19.el7.x86_64 |
sg3_utils-libs-1.37-18.el7.x86_64 | sg3_utils-libs-1.37-19.el7.x86_64 |
strace-4.12-9.el7.x86_64 | strace-4.24-6.el7.x86_64 |
sudo-1.8.23-10.el7_9.1.x86_64 | sudo-1.8.23-10.el7_9.2.x86_64 |
sysstat-10.1.5-18.el7.x86_64 | sysstat-10.1.5-19.el7.x86_64 |
systemd-219-78.el7_9.3.x86_64 | systemd-219-78.el7_9.7.x86_64 |
systemd-libs-219-78.el7_9.3.x86_64 | systemd-libs-219-78.el7_9.7.x86_64 |
systemd-python-219-78.el7_9.3.x86_64 | systemd-python-219-78.el7_9.7.x86_64 |
systemd-sysv-219-78.el7_9.3.x86_64 | systemd-sysv-219-78.el7_9.7.x86_64 |
systemtap-runtime-4.0-9.el7.x86_64 | systemtap-runtime-4.0-13.el7.x86_64 |
systemtap-sdt-devel-4.0-9.el7.x86_64 | systemtap-sdt-devel-4.0-13.el7.x86_64 |
tcpdump-4.9.2-4.el7.x86_64 | tcpdump-4.9.2-4.el7_7.1.x86_64 |
teamd-1.27-9.el7.x86_64 | teamd-1.29-3.el7.x86_64 |
tzdata-2022c-1.el7.noarch | tzdata-2022e-1.el7.noarch |
unzip-6.0-21.el7.x86_64 | unzip-6.0-24.el7_9.x86_64 |
util-linux-2.23.2-61.el7.x86_64 | util-linux-2.23.2-65.el7_9.1.x86_64 |
vim-common-7.4.629-6.el7.x86_64 | vim-common-7.4.629-8.el7_9.x86_64 |
vim-enhanced-7.4.629-6.el7.x86_64 | vim-enhanced-7.4.629-8.el7_9.x86_64 |
vim-filesystem-7.4.629-6.el7.x86_64 | vim-filesystem-7.4.629-8.el7_9.x86_64 |
vim-minimal-7.4.629-6.el7.x86_64 | vim-minimal-7.4.629-8.el7_9.x86_64 |
xfsprogs-4.5.0-20.el7.x86_64 | xfsprogs-4.5.0-22.el7.x86_64 |
xz-5.2.2-1.el7.x86_64 | xz-5.2.2-2.el7_9.x86_64 |
xz-devel-5.2.2-1.el7.x86_64 | xz-devel-5.2.2-2.el7_9.x86_64 |
xz-libs-5.2.2-1.el7.x86_64 | xz-libs-5.2.2-2.el7_9.x86_64 |
yum-3.4.3-163.el7.centos.noarch | yum-3.4.3-168.el7.centos.noarch |
yum-plugin-fastestmirror-1.1.31-52.el7.noarch | yum-plugin-fastestmirror-1.1.31-54.el7_8.noarch |
yum-plugin-tmprepo-1.1.31-52.el7.noarch | yum-plugin-tmprepo-1.1.31-54.el7_8.noarch |
zlib-1.2.7-19.el7_9.x86_64 | zlib-1.2.7-20.el7_9.x86_64 |
zlib-devel-1.2.7-19.el7_9.x86_64 | zlib-devel-1.2.7-20.el7_9.x86_64 |
Packages Updated NOT for Security Reasons
Old Package | New Package NOT for CVE |
|---|---|
esi-release-4.6.0.1-df7b113.x86_64 | esi-release-4.7.0.0-da7454b.x86_64 |
logbase-ui-4.6.0.1-df7b113.x86_64 | logbase-ui-4.7.0.0-da7454b.x86_64 |
lumeta-api-4.6.0.1-8ef7b7f.x86_64 | lumeta-api-4.7.0.0-da7454b.x86_64 |
lumeta-api-client-4.6.0.1-8ef7b7f.x86_64 | lumeta-api-client-4.7.0.0-da7454b.x86_64 |
lumeta-api-python-4.6.0.1-8ef7b7f.x86_64 | lumeta-api-python-4.7.0.0-d551a6a.x86_64 |
lumeta-console-4.6.0.1-8ef7b7f.x86_64 | lumeta-console-4.7.0.0-eec1c5e.x86_64 |
lumeta-diagnostics-4.6.0.1-8ef7b7f.x86_64 | lumeta-diagnostics-4.7.0.0-d551a6a.x86_64 |
lumeta-discovery-agent-4.6.0.1-8ef7b7f.x86_64 | lumeta-discovery-agent-4.7.0.0-d551a6a.x86_64 |
lumeta-install-4.6.0.1-edaa9e3.x86_64 | lumeta-install-4.7.0.0-d551a6a.x86_64 |
lumeta-ips-import-4.6.0.1-8ef7b7f.x86_64 | lumeta-ips-import-4.7.0.0-d551a6a.x86_64 |
lumeta-ireg-4.6.0.1-df7b113.x86_64 | lumeta-ireg-4.7.0.0-da7454b.x86_64 |
lumeta-lib-4.6.0.1-df7b113.x86_64 | lumeta-lib-4.7.0.0-da7454b.x86_64 |
lumeta-pam-4.6.0.1-8ef7b7f.x86_64 | lumeta-pam-4.7.0.0-d551a6a.x86_64 |
lumeta-tools-4.6.0.1-8ef7b7f.x86_64 | lumeta-tools-4.7.0.0-d551a6a.x86_64 |
lumeta-visio-4.6.0.1-8ef7b7f.x86_64 | lumeta-visio-4.7.0.0-d551a6a.x86_64 |
lumeta-warehouse-4.6.0.1-8ef7b7f.x86_64 | lumeta-warehouse-4.7.0.0-d551a6a.x86_64 |
lumeta-webapp-4.6.0.1-8ef7b7f.x86_64 | lumeta-webapp-4.7.0.0-d551a6a.x86_64 |
netflow-capture-1.3.6p1-8ef7b7f.x86_64 | netflow-capture-1.3.6p1-d551a6a.x86_64 |
rawio-4.6.0.1-8ef7b7f.x86_64 | rawio-4.7.0.0-d551a6a.x86_64 |
New Packages
New Packages |
|---|
temurin-17-jdk-17.0.4.1.0.1-1.x86_64 |
| libXi-1.7.9-1.el7.x86_64 |
| libXtst-1.2.3-1.el7.x86_6 |
Removed Packages
Removed Packages |
|---|
copy-jdk-configs-3.3-10.el7_5.noarch |
iwl7265-firmware-22.0.7.0-72.el7.noarch |
java-1.8.0-openjdk-headless-1.8.0.342.b07-1.el7_9.x86_64 |
javapackages-tools-3.4.1-11.el7.noarch |
libdnet-1.12-13.1.el7.x86_64 |
libkadm5-1.15.1-37.el7_6.x86_64 |
lksctp-tools-1.0.17-2.el7.x86_64 |
pcsc-lite-libs-1.8.8-8.el7.x86_64 |
python-javapackages-3.4.1-11.el7.noarch |
python-lxml-3.2.1-4.el7.x86_64 |
tzdata-java-2022c-1.el7.noarch |