Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2570: Red Hat Security Advisory: krb5 security, bug fix, and enhancement update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-17049: It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it’s providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.
Red Hat Security Data
#vulnerability#linux#red_hat#ldap#auth#ibm

Synopsis

Moderate: krb5 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

The following packages have been upgraded to a later upstream version: krb5 (1.20.1). (BZ#2016312)

Security Fix(es):

  • Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 1956994 - CVE-2020-17049 krb5: Kerberos: delegation constrain bypass in S4U2Proxy [rhel-9]
  • BZ - 2016312 - Rebase krb5 to latest upstream release 1.20 [rhel-9]
  • BZ - 2025721 - CVE-2020-17049 Kerberos: delegation constrain bypass in S4U2Proxy
  • BZ - 2063838 - Mishandling of CMS_verify() errors in PKINIT plugin
  • BZ - 2068535 - Modify supported_enctypes (kdc.conf) and add aes256/128-sha2 enctypes due to FIPS
  • BZ - 2121099 - Incorrect password expiration handling [rhel-9]
  • BZ - 2151513 - upstream test t_discover_uri.py failed [rhel-9.2]
  • BZ - 2159643 - Cannot set root as file owner using install in Mock build environment
  • BZ - 2162461 - creating of user principal failed with Cryptosystem internal error when the aes256-cts is used (FIPS)
  • BZ - 2165827 - CVE-2022-37967: MS-PAC extended KDC signature [rhel-9]
  • BZ - 2166603 - KDB: double free in kdb5_create.c:add_principal()
  • BZ - 2169985 - add krb5 principal failed with specific datetime string in pwexpire option (s390x, coredump)

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

krb5-1.20.1-8.el9.src.rpm

SHA-256: 3ae5b5d755f3069aaad03cf709ec2ea892b95c50d26ff9aad903fa96035a93c7

x86_64

krb5-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: 6a7174eb17f450a1863b8b15ce3e742c6996cdbe0f01133c602c310960b63868

krb5-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: 4c780fca77eae2467453ed9ba5d2e4207abdb6da11df7bb3bd880a4d303d2bdc

krb5-debugsource-1.20.1-8.el9.i686.rpm

SHA-256: 28e8e453a82727071cc484a0d43a9d3a0a8d52badda3b5d775cf4755baa692f0

krb5-debugsource-1.20.1-8.el9.x86_64.rpm

SHA-256: 1ad8d501ef18715b722551e1b22de5ec7031b05868435f70cb68999a4112c597

krb5-devel-1.20.1-8.el9.i686.rpm

SHA-256: 9a5ec8494401038802e65429665c7c31d8b8571a29fb696ec2f3c2f4f3f21334

krb5-devel-1.20.1-8.el9.x86_64.rpm

SHA-256: 197b909036a1350c38209f8c7d2b0f39d08e801240c7c636c96d640dc2b73287

krb5-libs-1.20.1-8.el9.i686.rpm

SHA-256: e8f0491fc4e9a4f80359ecdff0c25980b360e3dc4ebdde0e6ca4a9ee6d37e673

krb5-libs-1.20.1-8.el9.x86_64.rpm

SHA-256: 9f9f48e04a21927168765e5cccde575f06f42143d5300b7de870ab034c7a4361

krb5-libs-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: a9af1a362d51f581d8e7914c2e3590cd989f36eac7c049deed4a862d6f659011

krb5-libs-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: dd67056db6fa79cbfaea12c3a5b6c27cdae0dff8ffa7180a0da36a353d18ebed

krb5-pkinit-1.20.1-8.el9.i686.rpm

SHA-256: f7d547d29e1f22982518a29a9dcaab3d62e25194be38b55d61218b30004aa309

krb5-pkinit-1.20.1-8.el9.x86_64.rpm

SHA-256: 019cea93d6a03d746b62c793dfe1a2bebc065b49fae4327b00c3fd648a6d30bb

krb5-pkinit-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: 1db62a9cd81daf9adc52f260aba00091e8fc7d95ff2f0a9040da2878277a3deb

krb5-pkinit-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: d1144ffdbbe5cda3df16405ddfacce8840f44dbb0ea6d56aafe70260864b8cd0

krb5-server-1.20.1-8.el9.i686.rpm

SHA-256: 091cf156f8faeec9d210ebd0eb82edf0fae46fc98100553798aff76a00cad39f

krb5-server-1.20.1-8.el9.x86_64.rpm

SHA-256: 5eafee4472a94552d1a595699b148adc60dd499c4cd662f0292bf4fe38e147fb

krb5-server-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: fd051bcae9fedee5582a3f3c2d5b35d4f1d8a8cfc149c594d622832d32c34bb7

krb5-server-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: eabe41fe7174562d86cc58deadcf5927b5f80457c1ef7b49140e0719c321f167

krb5-server-ldap-1.20.1-8.el9.i686.rpm

SHA-256: dd551a932f7b943dc93bc07ab02f955a7110b42614b7db33c6f8d7a63fd899d4

krb5-server-ldap-1.20.1-8.el9.x86_64.rpm

SHA-256: dd297f18336a23bc912cd22be424f1ab7b9ca4d1d82f727d6d4d2927dca8c8cb

krb5-server-ldap-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: 10a888a0274b2461e7e91ce1909642130e17c3ed3ad2d75e40855e11ff7f6aba

krb5-server-ldap-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: c6f654419fe00b64c113be927b55599caa71c849f944d5b2147a52626d269ad1

krb5-workstation-1.20.1-8.el9.x86_64.rpm

SHA-256: c0b21c2cc16e37455b1abba8a4466412934693dc650cf6b0188294b14477da06

krb5-workstation-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: ce8c16da65fbfa14da1570829ada80cc973ca11451217621536d921eab7fa2e8

libkadm5-1.20.1-8.el9.i686.rpm

SHA-256: 48e0b788f0158f2888f03fcac92c61e7dca35dd136f6dd644fa610d173093541

libkadm5-1.20.1-8.el9.x86_64.rpm

SHA-256: 070a15b3c55105d360095669a3d8ea532e371cf7afa6b873007fcdf877813d1c

libkadm5-debuginfo-1.20.1-8.el9.i686.rpm

SHA-256: 28e6144016a4dc8f920a4d90e59ed03d7410342763f479c432c00d05ed6b0585

libkadm5-debuginfo-1.20.1-8.el9.x86_64.rpm

SHA-256: a317c9f4015d52d72ee2f1653306c0a239754784fc219ab09b71058f6871eb80

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

krb5-1.20.1-8.el9.src.rpm

SHA-256: 3ae5b5d755f3069aaad03cf709ec2ea892b95c50d26ff9aad903fa96035a93c7

s390x

krb5-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: ba668d128c85d8d7ea55b616f861cbc94eac61cb27683d9ef09b370ad83db61c

krb5-debugsource-1.20.1-8.el9.s390x.rpm

SHA-256: 12786ad138ad27f1634c53c7648b22a806b9f93c1e31f2d884a6722681b66b76

krb5-devel-1.20.1-8.el9.s390x.rpm

SHA-256: 9aff39ffdc1fc758c638b5b562e45aef837fe21dd9ab71b65f333903fd4ed6ca

krb5-libs-1.20.1-8.el9.s390x.rpm

SHA-256: a7aeca4a76edc3c3d83afdafd5e2934bb35508d4d3f117a8b8a4280e8f7157bf

krb5-libs-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: fbd680903ff13f8ece7f7e0ac3f150fbee817a103c35ef09bfdef229848d267b

krb5-pkinit-1.20.1-8.el9.s390x.rpm

SHA-256: e973abd4ff968796bbb1c0e14b3a2c3919bacca1bbe20ed10715a0c64857b856

krb5-pkinit-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: 18347959b55099b0f7f478366aff531b5cc846b6b4a537a5808ac20acb1e9b82

krb5-server-1.20.1-8.el9.s390x.rpm

SHA-256: 4962b4d721191a7ab12dbc1c9c140a58e14b1da1292adf3ef3e402adb0cc986e

krb5-server-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: 504b1ede244907c79294dd5c1a05559aa2db54c4a451ff88a3e678e7e8b50d0e

krb5-server-ldap-1.20.1-8.el9.s390x.rpm

SHA-256: f165c2e6788d80b896fefad8e3dbf5254b95aeb952da2e6c92647e626c4f34f9

krb5-server-ldap-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: 037a26ebfac7247d47aa25da62c0166924a2a202b8de658d3ce4b3080e3fc29d

krb5-workstation-1.20.1-8.el9.s390x.rpm

SHA-256: fe3f591675c5c0fbf86730e94d00199e859ea41473265aed1ea9fd2df206517a

krb5-workstation-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: bc65c02e00a9f0e7a49b2e92584e2ed12d0d668c3a07a738a2db187144eb06a3

libkadm5-1.20.1-8.el9.s390x.rpm

SHA-256: fbf45b94865a2796d4e5e24cdd25f097d0df1f724f7bcf4db30f912d4d13b7ab

libkadm5-debuginfo-1.20.1-8.el9.s390x.rpm

SHA-256: 61266326c2d72f8bc38104cd9fdcf76a4ca0ff36820b98dc648fd55eef8f3db8

Red Hat Enterprise Linux for Power, little endian 9

SRPM

krb5-1.20.1-8.el9.src.rpm

SHA-256: 3ae5b5d755f3069aaad03cf709ec2ea892b95c50d26ff9aad903fa96035a93c7

ppc64le

krb5-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: 8d1a80088b70b19c845c0cace8e0535d61fc345f6f7ffe803f07e92f96e466df

krb5-debugsource-1.20.1-8.el9.ppc64le.rpm

SHA-256: 2d0125db8bd8b58b6cff23022628806662f333df869fbf1215cbb84b923d58bb

krb5-devel-1.20.1-8.el9.ppc64le.rpm

SHA-256: 51b77986fcdd8fb6737c225f1bf6ba35226a380eceed236fca22d84261143f4c

krb5-libs-1.20.1-8.el9.ppc64le.rpm

SHA-256: e0e8795f7ce5646a452a1caca2c5a041deedfe29ea89035e3b0a0ff6c9373501

krb5-libs-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: 8af5e6ed6dc80d1226269161c3b262f75e09f49e0e0a861bbfa8d93fb1041ee9

krb5-pkinit-1.20.1-8.el9.ppc64le.rpm

SHA-256: 1dfec8f0b54986c15f3ac69775a86531b7893c4befae7a05065e77ce5d0aca11

krb5-pkinit-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: d9d8694babb01b9f2ea8703d15ee57e75a09c48d64b4ded40d1ae44b9476b24e

krb5-server-1.20.1-8.el9.ppc64le.rpm

SHA-256: 10d4133b6e1a2f1b72a758b7a2a2428ebeef78e684faa91139531a520423af98

krb5-server-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: 11952df50804218a701cd1cf219eb68ecdd2641b973d88364c2c3c6f6ed152c3

krb5-server-ldap-1.20.1-8.el9.ppc64le.rpm

SHA-256: c454b3ebff1c9725f19c58fb70b32bb0b05f937f4c42f1d9f3746c95a1844904

krb5-server-ldap-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: dea278af81c225f056c848eb976454278cd104c74df8a058bb695c010464abc8

krb5-workstation-1.20.1-8.el9.ppc64le.rpm

SHA-256: 29723c6918dcfb6261ef40e9e2d0a4b600c70ba257ad185ea091a61a3006ccf0

krb5-workstation-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: b7791812b3cdbaa9fbbb06c6aefd229abbcc813f040b0f496eae31423c31750d

libkadm5-1.20.1-8.el9.ppc64le.rpm

SHA-256: a929ca981f302ad178cc76a29bd48471aa9898e284741f99b752f6fb2fe6f3bb

libkadm5-debuginfo-1.20.1-8.el9.ppc64le.rpm

SHA-256: 9c5fa95be046622530f24ca54d23df58e6919c232e9a288c7f559f2c73e55b42

Red Hat Enterprise Linux for ARM 64 9

SRPM

krb5-1.20.1-8.el9.src.rpm

SHA-256: 3ae5b5d755f3069aaad03cf709ec2ea892b95c50d26ff9aad903fa96035a93c7

aarch64

krb5-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: 411d4d4976c77b583afddc289a2e64d31f0755ded1f664de5b6693a622de8ee2

krb5-debugsource-1.20.1-8.el9.aarch64.rpm

SHA-256: af0c152ba082bcec9fde6a26463afb34c7e199f30162d9b40ecff65024e7d8c3

krb5-devel-1.20.1-8.el9.aarch64.rpm

SHA-256: 88f48ed7d914e639b864f59ed221faa9687dae6ee076472f45117c276fa5ffc1

krb5-libs-1.20.1-8.el9.aarch64.rpm

SHA-256: c3064afeb5e7a01bb38324c842a56a5f798b8ef83885604c2b5f0f3de7fbdc68

krb5-libs-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: 0bf8e80fd1acbdc82d3fbdd1008cddbefc1e1e19f7ea9655e206dad088e43ff8

krb5-pkinit-1.20.1-8.el9.aarch64.rpm

SHA-256: 44e306ae17f0fe81f35356a4ce1d2df957c45f5963411108cf1b812180e66f6f

krb5-pkinit-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: e61db4a240e09754bbfe3b432bc743aea2c98d89815ef6e765ba7169185da086

krb5-server-1.20.1-8.el9.aarch64.rpm

SHA-256: 7281fd95424fb90662ec26f1534d2ff874c4f125f8d30d054214142c1dae4adb

krb5-server-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: 9c0230b69a1fedea96c63d589c80d0e05b291bbdcb261333311846b050511c2d

krb5-server-ldap-1.20.1-8.el9.aarch64.rpm

SHA-256: 8b78dba4749884769ab81e2f2c4c2b5070e59cc97c5535c02b8c6dff382e8b5a

krb5-server-ldap-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: 9eca767917a16ae3cb8b4d3c38e59db475611950ad07c50b1d499f51f9b007eb

krb5-workstation-1.20.1-8.el9.aarch64.rpm

SHA-256: 393818f9aaf87aa1e781800d5362bafe2923b9bb895358aaf2f383999a9aac20

krb5-workstation-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: d8c42f688247ad4b87ffbaff5bd72b4299aab692ac408adc751dc74c051b04c1

libkadm5-1.20.1-8.el9.aarch64.rpm

SHA-256: c5be7a2121454c625278bdac5fb9a92596d628a711e3d60078b104edef8e8d10

libkadm5-debuginfo-1.20.1-8.el9.aarch64.rpm

SHA-256: 7647fcd8ec855b56d85856ec6525a8449cca44826fe7b0cc7c4be8e4d6a581d1

Related news

Red Hat Security Advisory 2024-0252-03

Red Hat Security Advisory 2024-0252-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and cross site request forgery vulnerabilities.

Gentoo Linux Security Advisory 202309-06

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Ubuntu Security Notice USN-5936-1

Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.

Ubuntu Security Notice USN-5822-1

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]

Red Hat Enterprise Linux and Microsoft security update of November 2022

<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability.

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday

Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Security Update Guide: Let's keep the conversation going

Hi Folks, We want to continue to highlight changes we’ve made to our Security Update Guide. We have received a lot of feedback, much of which has been very positive. We acknowledge there have been some stability problems and we are actively working through reports of older browsers not being able to run the new application.