Ubuntu Security Notice 6686-4 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6686-4  
March 20, 2024

linux-kvm vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-kvm: Linux kernel for cloud environments

Details:

It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the  
Linux kernel did not properly handle certain error conditions during device  
registration. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2023-22995)

It was discovered that a race condition existed in the Cypress touchscreen  
driver in the Linux kernel during device removal, leading to a use-after-  
free vulnerability. A physically proximate attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-4134)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in  
the Linux kernel did not properly handle certain memory allocation failure  
conditions, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2023-46343)

It was discovered that the io_uring subsystem in the Linux kernel contained  
a race condition, leading to a null pointer dereference vulnerability. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-46862)

It was discovered that a race condition existed in the Bluetooth subsystem  
of the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that a race condition existed in the Rose X.25 protocol  
implementation in the Linux kernel, leading to a use-after- free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel  
did not properly handle connect command payloads in certain situations,  
leading to an out-of-bounds read vulnerability. A remote attacker could use  
this to expose sensitive information (kernel memory). (CVE-2023-6121)

It was discovered that the VirtIO subsystem in the Linux kernel did not  
properly initialize memory in some situations. A local attacker could use  
this to possibly expose sensitive information (kernel memory).  
(CVE-2024-0340)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel  
did not store data in properly sized memory locations. A local user could  
use this to cause a denial of service (system crash). (CVE-2024-0607)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1052-kvm     5.15.0-1052.57  
   linux-image-kvm                 5.15.0.1052.48

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6686-4  
   https://ubuntu.com/security/notices/USN-6686-1  
   CVE-2023-22995, CVE-2023-4134, CVE-2023-46343, CVE-2023-46862,  
   CVE-2023-51779, CVE-2023-51782, CVE-2023-6121, CVE-2024-0340,  
   CVE-2024-0607

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1052.57

Ubuntu Security Notice USN-6686-4

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Suricata IDPE 7.0.4

Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.

    # Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload# Date: 20/03/2024# Exploit Author: kai6u# Vendor Homepage: https://www.getlektor.com/# Software Link: https://github.com/lektor/lektor/releases/tag/v3.3.10# Version: 3.3.10# Tested on: Ubuntu 22.04# Summary:Arbitrary File upload in Lektor exist, It is possible to upload file to any directory on the server. Affected Version: < Version Release v3.3.10 (https://github.com/lektor/lektor/releases/tag/v3.3.10) Fixed Version: Latest Version Release v3.3.11 (https://github.com/lektor/lektor/releases/tag/v3.3.11)# Steps:3.StepsThe following are the steps of an attack that an attacker might perform. 1.Arbitrary File Upload and Store the payload Access the administrator console and use the Add Page function to create a filecontaining the payload to the templates directory and prepare to execute thecommand. 2.Execute Command Next, execute arbitrary commands on the administrator console by referencing thefile containing the malicious payload as templates# Description:1 ) Access to the administrator console via NW first creates a contetns.lr file containing the payload using Lektor's Add Page feature, specifying the templates directory.(Attacker also can upload to any directory.)Payload:{{ ''.__class__.__mro__[1].__subclasses__()[276]('whoami',shell=True,stdout=-1).communicate()[0].strip()}} }}2 ) Create a new page by specifying the created contents.lr as template.3 ) Use the preview function to check the sample page with the specified templates.# ImpactSince attackers can execute arbitrary commands on the target environment, they can. 1.Steal sensitive files on the server. 2.Browse like /etc/passwd file and configure it to allow SSH connections as an OS user. 3.Use the server as a stepping stone for another attack and perform malicious actions. 4.Encrypt all content in the server and demand money. 5.Shut down the server and disrupt the target.This is very dangerous because commands can be executed if the administrator's consolecan be accessed via the NW# Referenceshttps://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-sstihttps://github.com/lektor/lektor/releases/tag/v3.3.11

Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution

Ubuntu Security Notice 6702-1 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6702-1March 19, 2024linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm,linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-iot: Linux kernel for IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the NVIDIA Tegra XUSB pad controller driver in theLinux kernel did not properly handle return values in certain errorconditions. A local attacker could use this to cause a denial of service(system crash). (CVE-2023-23000)It was discovered that the ARM Mali Display Processor driver implementationin the Linux kernel did not properly handle certain error conditions. Alocal attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2023-23004)Notselwyn discovered that the netfilter subsystem in the Linux kernel didnot properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denialof service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)It was discovered that a race condition existed in the SCSI EmulexLightPulse Fibre Channel driver in the Linux kernel when unregistering FCFand re-scanning an HBA FCF table, leading to a null pointer dereferencevulnerability. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-24855)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1033-iot      5.4.0-1033.34   linux-image-5.4.0-1068-ibm      5.4.0-1068.73   linux-image-5.4.0-1081-bluefield  5.4.0-1081.88   linux-image-5.4.0-1088-gkeop    5.4.0-1088.92   linux-image-5.4.0-1109-kvm      5.4.0-1109.116   linux-image-5.4.0-1120-oracle   5.4.0-1120.129   linux-image-5.4.0-1125-gcp      5.4.0-1125.134   linux-image-5.4.0-174-generic   5.4.0-174.193   linux-image-5.4.0-174-generic-lpae  5.4.0-174.193   linux-image-5.4.0-174-lowlatency  5.4.0-174.193   linux-image-bluefield           5.4.0.1081.77   linux-image-gcp-lts-20.04       5.4.0.1125.127   linux-image-generic             5.4.0.174.172   linux-image-generic-lpae        5.4.0.174.172   linux-image-gkeop               5.4.0.1088.86   linux-image-gkeop-5.4           5.4.0.1088.86   linux-image-ibm-lts-20.04       5.4.0.1068.97   linux-image-kvm                 5.4.0.1109.105   linux-image-lowlatency          5.4.0.174.172   linux-image-oem                 5.4.0.174.172   linux-image-oem-osp1            5.4.0.174.172   linux-image-oracle-lts-20.04    5.4.0.1120.113   linux-image-virtual             5.4.0.174.172Ubuntu 18.04 LTS (Available with Ubuntu Pro):   linux-image-5.4.0-1068-ibm      5.4.0-1068.73~18.04.1   linux-image-5.4.0-1120-oracle   5.4.0-1120.129~18.04.1   linux-image-5.4.0-174-generic   5.4.0-174.193~18.04.1   linux-image-5.4.0-174-lowlatency  5.4.0-174.193~18.04.1   linux-image-generic-hwe-18.04   5.4.0.174.193~18.04.142   linux-image-ibm                 5.4.0.1068.78   linux-image-lowlatency-hwe-18.04  5.4.0.174.193~18.04.142   linux-image-oem                 5.4.0.174.193~18.04.142   linux-image-oem-osp1            5.4.0.174.193~18.04.142   linux-image-oracle              5.4.0.1120.129~18.04.92   linux-image-snapdragon-hwe-18.04  5.4.0.174.193~18.04.142   linux-image-virtual-hwe-18.04   5.4.0.174.193~18.04.142After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6702-1   CVE-2023-23000, CVE-2023-23004, CVE-2024-1086, CVE-2024-24855Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-174.193   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1081.88   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1125.134   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1088.92   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1068.73   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1033.34   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1109.116   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1120.129

Ubuntu Security Notice USN-6702-1

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

GNU Transport Layer Security Library 3.8.4

Red Hat Security Advisory 2024-1437-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1437.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql security updateAdvisory ID:        RHSA-2024:1437-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1437Issue date:         2024-03-20Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1437-03

Red Hat Security Advisory 2024-1436-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1436.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql-jdbc security updateAdvisory ID:        RHSA-2024:1436-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1436Issue date:         2024-03-20Revision:           03CVE Names:          CVE-2024-1597====================================================================Summary: An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.Security Fix(es):* PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2266523

Red Hat Security Advisory 2024-1436-03

Red Hat Security Advisory 2024-1435-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1435.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql-jdbc security updateAdvisory ID:        RHSA-2024:1435-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1435Issue date:         2024-03-20Revision:           03CVE Names:          CVE-2024-1597====================================================================Summary: An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.Security Fix(es):* PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2266523

Red Hat Security Advisory 2024-1435-03

Red Hat Security Advisory 2024-1434-03 - Red Hat OpenShift distributed tracing 3.1.1. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1434.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenShift distributed tracing 3.1.1 operator/operand containersAdvisory ID:        RHSA-2024:1434-03Product:            Red Hat OpenShift distributed tracingAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1434Issue date:         2024-03-20Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Red Hat OpenShift distributed tracing 3.1.1.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Release of Red Hat OpenShift distributed tracing provides these changes:Security Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253330

Red Hat Security Advisory 2024-1434-03

Red Hat Security Advisory 2024-1433-03 - Migration Toolkit for Applications 7.0.2 release.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1433.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Migration Toolkit for Applications security and bug fix updateAdvisory ID:        RHSA-2024:1433-03Product:            Migration Toolkit for ApplicationsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1433Issue date:         2024-03-20Revision:           03CVE Names:          CVE-2022-1962====================================================================Summary: Migration Toolkit for Applications 7.0.2 releaseRed Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Migration Toolkit for Applications 7.0.2 ImagesSecurity Fix(es) from Bugzilla:* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-1962References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2107376https://issues.redhat.com/browse/MTA-1255https://issues.redhat.com/browse/MTA-1468https://issues.redhat.com/browse/MTA-1648https://issues.redhat.com/browse/MTA-1721https://issues.redhat.com/browse/MTA-1726https://issues.redhat.com/browse/MTA-1785https://issues.redhat.com/browse/MTA-1790https://issues.redhat.com/browse/MTA-1845https://issues.redhat.com/browse/MTA-1868https://issues.redhat.com/browse/MTA-1872https://issues.redhat.com/browse/MTA-1880https://issues.redhat.com/browse/MTA-1888https://issues.redhat.com/browse/MTA-1955https://issues.redhat.com/browse/MTA-1956https://issues.redhat.com/browse/MTA-1958https://issues.redhat.com/browse/MTA-1963https://issues.redhat.com/browse/MTA-1964https://issues.redhat.com/browse/MTA-1965https://issues.redhat.com/browse/MTA-1967https://issues.redhat.com/browse/MTA-1972https://issues.redhat.com/browse/MTA-1973https://issues.redhat.com/browse/MTA-2004https://issues.redhat.com/browse/MTA-2007https://issues.redhat.com/browse/MTA-2008https://issues.redhat.com/browse/MTA-2018https://issues.redhat.com/browse/MTA-2020https://issues.redhat.com/browse/MTA-2041https://issues.redhat.com/browse/MTA-2043https://issues.redhat.com/browse/MTA-2046https://issues.redhat.com/browse/MTA-2047https://issues.redhat.com/browse/MTA-2056https://issues.redhat.com/browse/MTA-2064https://issues.redhat.com/browse/MTA-2067https://issues.redhat.com/browse/MTA-2087https://issues.redhat.com/browse/MTA-2093https://issues.redhat.com/browse/MTA-2099https://issues.redhat.com/browse/MTA-2101https://issues.redhat.com/browse/MTA-2160https://issues.redhat.com/browse/MTA-2201https://issues.redhat.com/browse/MTA-2246https://issues.redhat.com/browse/MTA-2260https://issues.redhat.com/browse/MTA-2283https://issues.redhat.com/browse/MTA-2296https://issues.redhat.com/browse/MTA-2320https://issues.redhat.com/browse/MTA-2322https://issues.redhat.com/browse/MTA-2332https://issues.redhat.com/browse/MTA-2343https://issues.redhat.com/browse/MTA-2346https://issues.redhat.com/browse/MTA-2351https://issues.redhat.com/browse/MTA-2354https://issues.redhat.com/browse/MTA-2359https://issues.redhat.com/browse/MTA-467

Source

Packet Storm