Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.

=========================================================================  
Ubuntu Security Notice USN-6062-1  
May 09, 2023

freetype vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

FreeType could be made to crash or possibly execute arbitrary  
code if it opened a specially crafted font file.

Software Description:  
- freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType incorrectly handled certain malformed  
font files. If a user were tricked into using a specially crafted font  
file, a remote attacker could cause FreeType to crash, or possibly execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libfreetype6                    2.12.1+dfsg-4ubuntu0.1

Ubuntu 22.10:  
  libfreetype6                    2.12.1+dfsg-3ubuntu0.1

Ubuntu 22.04 LTS:  
  libfreetype6                    2.11.1+dfsg-1ubuntu0.2

Ubuntu 20.04 LTS:  
  libfreetype6                    2.10.1-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6062-1  
  CVE-2023-2004

Package Information:  
  https://launchpad.net/ubuntu/+source/freetype/2.12.1+dfsg-4ubuntu0.1  
  https://launchpad.net/ubuntu/+source/freetype/2.12.1+dfsg-3ubuntu0.1  
  https://launchpad.net/ubuntu/+source/freetype/2.11.1+dfsg-1ubuntu0.2  
  https://launchpad.net/ubuntu/+source/freetype/2.10.1-2ubuntu0.3

Ubuntu Security Notice USN-6062-1

Red Hat Security Advisory 2023-2378-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: postgresql-jdbc security update  
Advisory ID:       RHSA-2023:2378-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2378  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-41946  
====================================================================  
1. Summary:

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux  
9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - noarch

3. Description:

PostgreSQL is an advanced object-relational database management system. The  
postgresql-jdbc package includes the .jar files needed for Java programs to  
access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: Information leak of prepared statement data due to  
insecure temporary file permissions (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
postgresql-jdbc-42.2.27-1.el9.src.rpm

noarch:  
postgresql-jdbc-42.2.27-1.el9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo06dzjgjWX9erEAQj1ew//SSqyiG2F9381NuBWDUZscJSyWQyXXUOY  
XGvYf/En+Ax2B4/A2VGUkmoV5Ya//bEVGdbnz8UQK10qM5huh6BZiFAZuoL8IK/P  
3z68yJJR4aSTQEuVJ6Jo19tgM+dTZGduE4AeMbwPPGguLKioeVA0Y1H7vpDlLg6u  
sixnty4dXImrUUoN2nW4kCbKloiC0PEby/uPbQ4gsE2BNC2ToO0AfL0w66Ekq/0S  
+uECWRZZ3EWUjzoHxQmobMKF/10tUvAArZItuVv0QeMmPelpBa3+UtCOzZkUIiZa  
zl8bIlouaUSezRXKiMBPd2vi7Nwxu+GauJhtVQP6DG/m/p8uLkiD99xxLqCUnLHt  
5GWxuvDsKADA00dWOPTPMlidN2X7OX70Kn0h/5+8wyDHPhMxhSm3yL/6kjd3mbbn  
SCZrszZiQLJVohQFxngnvnWlU5HDTiizRlll0t+WSIB0Sliwneqv/jspuhwGydO/  
Y/yxqayMtN5C4CaGaVN0JKIWnpVvwBRpVpGkKxN+p3yiQ4OGnS2JGEVz+NZKuE9u  
fAS+SDJTtPdP3o1mloQbjIpzQS/uxydO7SqMD8aQpikTVEFKsBSM5adOC7jgvL4k  
g2igVthELmdQyJLytMoZCnihKhUqRGs/5Y8oZ205qYfHB0wmvRj8oUFP+pYT95qs  
6a/x/2+juhU=z8Sy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2378-01

Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: poppler security and bug fix update  
Advisory ID:       RHSA-2023:2259-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2259  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-38784  
====================================================================  
1. Summary:

An update for poppler is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Poppler is a Portable Document Format (PDF) rendering library, used by  
applications such as Evince.

Security Fix(es):

* poppler: integer overflow in JBIG2 decoder using malformed files  
(CVE-2022-38784)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2124527 - CVE-2022-38784 poppler: integer overflow in JBIG2 decoder using malformed files  
2144768 - Please add various devel packages to CRB 9 to build Scribus in EPEL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
poppler-21.01.0-14.el9.src.rpm

aarch64:  
poppler-21.01.0-14.el9.aarch64.rpm  
poppler-cpp-21.01.0-14.el9.aarch64.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-debugsource-21.01.0-14.el9.aarch64.rpm  
poppler-glib-21.01.0-14.el9.aarch64.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-qt5-21.01.0-14.el9.aarch64.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-utils-21.01.0-14.el9.aarch64.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:  
poppler-21.01.0-14.el9.ppc64le.rpm  
poppler-cpp-21.01.0-14.el9.ppc64le.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm  
poppler-glib-21.01.0-14.el9.ppc64le.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-qt5-21.01.0-14.el9.ppc64le.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-utils-21.01.0-14.el9.ppc64le.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:  
poppler-21.01.0-14.el9.s390x.rpm  
poppler-cpp-21.01.0-14.el9.s390x.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-debugsource-21.01.0-14.el9.s390x.rpm  
poppler-glib-21.01.0-14.el9.s390x.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-qt5-21.01.0-14.el9.s390x.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-utils-21.01.0-14.el9.s390x.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:  
poppler-21.01.0-14.el9.i686.rpm  
poppler-21.01.0-14.el9.x86_64.rpm  
poppler-cpp-21.01.0-14.el9.i686.rpm  
poppler-cpp-21.01.0-14.el9.x86_64.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-debugsource-21.01.0-14.el9.i686.rpm  
poppler-debugsource-21.01.0-14.el9.x86_64.rpm  
poppler-glib-21.01.0-14.el9.i686.rpm  
poppler-glib-21.01.0-14.el9.x86_64.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-qt5-21.01.0-14.el9.i686.rpm  
poppler-qt5-21.01.0-14.el9.x86_64.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-utils-21.01.0-14.el9.x86_64.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
poppler-cpp-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-cpp-devel-21.01.0-14.el9.aarch64.rpm  
poppler-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-debugsource-21.01.0-14.el9.aarch64.rpm  
poppler-devel-21.01.0-14.el9.aarch64.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-glib-devel-21.01.0-14.el9.aarch64.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.aarch64.rpm  
poppler-qt5-devel-21.01.0-14.el9.aarch64.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.aarch64.rpm

ppc64le:  
poppler-cpp-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-cpp-devel-21.01.0-14.el9.ppc64le.rpm  
poppler-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-debugsource-21.01.0-14.el9.ppc64le.rpm  
poppler-devel-21.01.0-14.el9.ppc64le.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-glib-devel-21.01.0-14.el9.ppc64le.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.ppc64le.rpm  
poppler-qt5-devel-21.01.0-14.el9.ppc64le.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.ppc64le.rpm

s390x:  
poppler-cpp-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-cpp-devel-21.01.0-14.el9.s390x.rpm  
poppler-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-debugsource-21.01.0-14.el9.s390x.rpm  
poppler-devel-21.01.0-14.el9.s390x.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-glib-devel-21.01.0-14.el9.s390x.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.s390x.rpm  
poppler-qt5-devel-21.01.0-14.el9.s390x.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.s390x.rpm

x86_64:  
poppler-cpp-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-cpp-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-cpp-devel-21.01.0-14.el9.i686.rpm  
poppler-cpp-devel-21.01.0-14.el9.x86_64.rpm  
poppler-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-debugsource-21.01.0-14.el9.i686.rpm  
poppler-debugsource-21.01.0-14.el9.x86_64.rpm  
poppler-devel-21.01.0-14.el9.i686.rpm  
poppler-devel-21.01.0-14.el9.x86_64.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-glib-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-glib-devel-21.01.0-14.el9.i686.rpm  
poppler-glib-devel-21.01.0-14.el9.x86_64.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-qt5-debuginfo-21.01.0-14.el9.x86_64.rpm  
poppler-qt5-devel-21.01.0-14.el9.i686.rpm  
poppler-qt5-devel-21.01.0-14.el9.x86_64.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.i686.rpm  
poppler-utils-debuginfo-21.01.0-14.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38784  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo1C9zjgjWX9erEAQhAwQ//cfv5/zXlIjJrcAFRz+tzee74vEaDBPxp  
UehYiSUH/JSa2UcKqV9rICA22UaefU8uCOVusmkzTxrwK2oDpeq+Zw/OHUhM1VYJ  
l9jcMODBKUwqJov99AcJIKpCB8CU4CYmWoykc59RokgzHQdUorCDu4w4Es9GXuZo  
9pZiT3iHFTngFuk4XKnIYe91npn2WJwYELxWyOM3UE1u7M66TCaeMLHDc6sCqwB2  
wINr9CRarBc2cdQ7o+G4Y6VWAl3VGwEe582eTljEDYTxfLcE6CY588pjpzpfmt5j  
kVuUdYYVaDAoNpqr5P6dzzdpAoQFY62MkXij5Mz9xV+ey0beP231cCBjwNdkfWE4  
Uj7zMxzb6wpE9//bUIcRJkmjf+sO9Y1awffQAKX6sqmV6s/CdwgHNomxLPj+rgud  
qN8gzP/b1Pr84DZo7VcBqdeySiqod9zFX95h5slmo+9m0h+BH3XGf5Va4HPfmkXu  
6peoRfPnV0EHdkVxZ2zrIqs4dTpjF4qIhMe3fvrfoWppQas/HHEbD4M5x1YcD2MV  
iIazPIWwLJSZcJv/8NP3HS0zltGjEDfd1UTjnXwAyEvQLfCwDGn9FNtY1eKxWhmZ  
eRR4HwAnZfdg33DXinkn9ddwGTps6+y2dYYLx0mmSVWaYb1eiorGBFXJ5e4ALOA5  
gT7mgghhSao=YdPw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2259-01

Red Hat Security Advisory 2023-2283-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: skopeo security and bug fix update  
Advisory ID:       RHSA-2023:2283-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2283  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-30629 CVE-2022-41717  
====================================================================  
1. Summary:

An update for skopeo is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The skopeo command lets you inspect images from container image registries,  
get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

* golang: crypto/tls: session tickets lack random ticket_age_add  
(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add  
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2182318 - skopeo-1.11.2 required in RHEL9.2.0

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
skopeo-1.11.2-0.1.el9.src.rpm

aarch64:  
skopeo-1.11.2-0.1.el9.aarch64.rpm  
skopeo-debuginfo-1.11.2-0.1.el9.aarch64.rpm  
skopeo-debugsource-1.11.2-0.1.el9.aarch64.rpm  
skopeo-tests-1.11.2-0.1.el9.aarch64.rpm

ppc64le:  
skopeo-1.11.2-0.1.el9.ppc64le.rpm  
skopeo-debuginfo-1.11.2-0.1.el9.ppc64le.rpm  
skopeo-debugsource-1.11.2-0.1.el9.ppc64le.rpm  
skopeo-tests-1.11.2-0.1.el9.ppc64le.rpm

s390x:  
skopeo-1.11.2-0.1.el9.s390x.rpm  
skopeo-debuginfo-1.11.2-0.1.el9.s390x.rpm  
skopeo-debugsource-1.11.2-0.1.el9.s390x.rpm  
skopeo-tests-1.11.2-0.1.el9.s390x.rpm

x86_64:  
skopeo-1.11.2-0.1.el9.x86_64.rpm  
skopeo-debuginfo-1.11.2-0.1.el9.x86_64.rpm  
skopeo-debugsource-1.11.2-0.1.el9.x86_64.rpm  
skopeo-tests-1.11.2-0.1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30629  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo08NzjgjWX9erEAQgWOg//fccJBQ9s9bwxbqVmM7c6Z7DqWyekfzZS  
b1XjA6XcNIDQaYD6d9qvLpMEKmpQg8aeNeIpfvSQWmJPARkYU8sJIrc24yHklE5n  
pgFJ6FbRJccWpjRVKay/0Spwo7KQwB5o9cZXLR6oFDFRpxT/BvLtNqEHZ1n7ugFQ  
aE1SFS/nd7x6HvYI0ymhQmpNRURltAdFgmtauUKECN7tc8UsFxMHxpVG4JT7CyOx  
bLRoMR3LFLjEsNr+VMIjHGAMSGa1fyjp/bifR2qj+QUm2CuaR1+whXTjBMEHE9t8  
KmWt29dQ4PdyVmuuBz4uxdy1EmeChS4dxKnJ2DQJaPzmMcN0f2IfTR8p17jLSlhf  
RwIJQC5bobz5sJwlojxMLTafHQ9+XoTFFxHnebOW6omCjkiyFzQ2Vjebr5QYAJQ1  
19ca/1eXVdlYNAZSCRfpw3oGb9LJBuA7Ad/3+AgfTLGWN809T309eOVM6fVL5ICL  
mIzxzDrFr2IXQV6cRPapsMov5CD19h9gpxL63eBhOLasbmH8eotani+2Xx+kSrzt  
e3H56EdgOHE5ckCogsaZDUUw+5M12O2NjYRFYoUu112z0qif9QGYXuV0UNd93oKr  
fwuxCnI1CJmFV2KBqNZQ2CAr4pihjzl5c7NHUZGvVG/OQYw/z8QaCUa/2VBD+hI8  
TsacnXu2QB0RIy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2283-01

Red Hat Security Advisory 2023-2177-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: grafana-pcp security and enhancement update  
Advisory ID:       RHSA-2023:2177-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2177  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-27664  
====================================================================  
1. Summary:

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Grafana plugin for Performance Co-Pilot includes datasources for  
scalable time series from pmseries and Redis, live PCP metrics and bpftrace  
scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY  
2127038 - grafana pcp plugin is wiped from rpmostree /var during install in rhel edge

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
grafana-pcp-5.1.1-1.el9.src.rpm

aarch64:  
grafana-pcp-5.1.1-1.el9.aarch64.rpm  
grafana-pcp-debuginfo-5.1.1-1.el9.aarch64.rpm  
grafana-pcp-debugsource-5.1.1-1.el9.aarch64.rpm

ppc64le:  
grafana-pcp-5.1.1-1.el9.ppc64le.rpm  
grafana-pcp-debuginfo-5.1.1-1.el9.ppc64le.rpm  
grafana-pcp-debugsource-5.1.1-1.el9.ppc64le.rpm

s390x:  
grafana-pcp-5.1.1-1.el9.s390x.rpm  
grafana-pcp-debuginfo-5.1.1-1.el9.s390x.rpm  
grafana-pcp-debugsource-5.1.1-1.el9.s390x.rpm

x86_64:  
grafana-pcp-5.1.1-1.el9.x86_64.rpm  
grafana-pcp-debuginfo-5.1.1-1.el9.x86_64.rpm  
grafana-pcp-debugsource-5.1.1-1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo0mNzjgjWX9erEAQi6Kg//WADx+EpHhZ82vYF8Jb30kgWpypWH9B4t  
5c/1i8fZQDjXdTcaXZ0rrMoJD4SXvWONxXZWNTPP99/hwGw+SzSa4wCNTBXY+GA2  
BhlvrAktiDQCckq5AsMGR8RxM01VXlNI1oaos0Yoql6Da9V6jnEVO3tuupGEMdUA  
KqHyzvE2fmtKGFbxeKVgI6bq+AYrvztsEJozHnvjItaAcZ9SU10uD+YFwHYDJPVL  
iais5PpZ7xAd8I59nsiokrizQ0d1esAAU8CJFJgn3hCFiZ+8XfpzkU7VBrkFlC3X  
deQZb4uzNKAQ70yK3Zcl+TW02Ps8Wo1ArnVvMZhx1oLPt+W2B4ZSXkM/IS6wgPGY  
gT3QmGlElFHXA7cJdZ9LKTxFpWBalJgfPNjtPcmNFx9EOVerE5pUN04YbHfdBP91  
0rC3zbyFmtEtuui+yJjt8WkVUs5T6w12hdF7kM37JW+DeXl5zUrpCLV8oi+XiutH  
WAG+oGqF4214SxsQkglsUAGaOh0l1pl/vvllgsmSXCi7+IEpj+J9EPjujNfOE3jh  
iEzaVW9RyfySAsBDn6qPj5gLyqAD3hhJ8Gd6q1HQsAjlawzL++49y5b0Ia407wDv  
O7xpiA+4YRqsZN0628JGlpXOdrK8xrMaKhz19LIlYR5fSPEBxh921gelhBuYxzKs  
edtb4EJ/1js=udLv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2177-01

Red Hat Security Advisory 2023-2502-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a memory leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: dhcp security and enhancement update  
Advisory ID:       RHSA-2023:2502-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2502  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-2928 CVE-2022-2929  
====================================================================  
1. Summary:

An update for dhcp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows  
individual devices on an IP network to get their own network configuration  
information, including an IP address, a subnet mask, and a broadcast  
address. The dhcp packages provide a relay agent and ISC DHCP service  
required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: option refcount overflow when leasequery is enabled leading to  
dhcpd abort (CVE-2022-2928)

* dhcp: DHCP memory leak (CVE-2022-2929)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2095396 - [RFE] dhcp use systemd-sysusers  
2132001 - CVE-2022-2929 dhcp: DHCP memory leak  
2132002 - CVE-2022-2928 dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
dhcp-4.4.2-18.b1.el9.src.rpm

aarch64:  
dhcp-client-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-client-debuginfo-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-debuginfo-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-debugsource-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-relay-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-relay-debuginfo-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-server-4.4.2-18.b1.el9.aarch64.rpm  
dhcp-server-debuginfo-4.4.2-18.b1.el9.aarch64.rpm

noarch:  
dhcp-common-4.4.2-18.b1.el9.noarch.rpm

ppc64le:  
dhcp-client-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-client-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-debugsource-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-relay-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-relay-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-server-4.4.2-18.b1.el9.ppc64le.rpm  
dhcp-server-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm

s390x:  
dhcp-client-4.4.2-18.b1.el9.s390x.rpm  
dhcp-client-debuginfo-4.4.2-18.b1.el9.s390x.rpm  
dhcp-debuginfo-4.4.2-18.b1.el9.s390x.rpm  
dhcp-debugsource-4.4.2-18.b1.el9.s390x.rpm  
dhcp-relay-4.4.2-18.b1.el9.s390x.rpm  
dhcp-relay-debuginfo-4.4.2-18.b1.el9.s390x.rpm  
dhcp-server-4.4.2-18.b1.el9.s390x.rpm  
dhcp-server-debuginfo-4.4.2-18.b1.el9.s390x.rpm

x86_64:  
dhcp-client-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-client-debuginfo-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-debuginfo-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-debugsource-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-relay-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-relay-debuginfo-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-server-4.4.2-18.b1.el9.x86_64.rpm  
dhcp-server-debuginfo-4.4.2-18.b1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2928  
https://access.redhat.com/security/cve/CVE-2022-2929  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo0xdzjgjWX9erEAQjo7hAAkuIXb+7jvbfgVporTFkoXaCBJlNY4LRb  
ugTIUnzZ0xBBmaU6OpNz50atMV447UpihQXZEVcQ5KTtxpyJj0cuP61cz22XTxhm  
gByefYdayJqR5Ey7e7jBYuEK40/W186f4PPA6kpsYs4+eEtD2hGSlQvnGbjH7zPe  
rcrZ3sedLG6ea3NkgWPVaQeZ8wzl2xpAXezHn954/bngjQC30ouBQod+VkYNujH9  
c89ovLgEyYei1TUdveEStGNnxhZwtAj+OxuL5fCj4VEAV75KfhCGNBC1WKv2gTs0  
V7PTH+xT9GEEV1XR7I5A0RJqi3pVCsGAYEILyP1s5UhAohHLpfvH6QBUvOcRc3z7  
eagfX/DmiMAtWhGvzh6+qamZsy2AhgPot8WYu7mRMW2VW/fC1j+8ZAAH/deloGNw  
L38UBLWFbEuWUprcSsun2UfHYjsYsugrgF3u5R4e7V4s5kfF4pUJLkMkLsxZmoQf  
y6dPdvHi8suO1rJtf2gQ29E8nQKHFnMq1fhPYhJZNVoeK7+Tv6kl0kbVmIQPcFIs  
AfXBt0vqMA70JHTSk25jRin1utajkX1PjAIIL2Co3NbKQLSACT+mJMIhBEBbr2yY  
t8rcCQJng+yqYwbwLIo33LnII06krJBlmO7Y9jMyJQixOTFmixEmX8Wf26C9cTFY  
zUtFx7TRzEY=wJde  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2502-01

Red Hat Security Advisory 2023-2234-01 - The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: sysstat security and bug fix update  
Advisory ID:       RHSA-2023:2234-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2234  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-39377  
====================================================================  
1. Summary:

An update for sysstat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sysstat packages provide the sar and iostat commands. These commands  
enable system monitoring of disk, network, and other I/O activity.

Security Fix(es):

* sysstat: arithmetic overflow in allocate_structures() on 32 bit systems  
(CVE-2022-39377)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141207 - CVE-2022-39377 sysstat: arithmetic overflow in allocate_structures() on 32 bit systems

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
sysstat-12.5.4-5.el9.src.rpm

aarch64:  
sysstat-12.5.4-5.el9.aarch64.rpm  
sysstat-debuginfo-12.5.4-5.el9.aarch64.rpm  
sysstat-debugsource-12.5.4-5.el9.aarch64.rpm

ppc64le:  
sysstat-12.5.4-5.el9.ppc64le.rpm  
sysstat-debuginfo-12.5.4-5.el9.ppc64le.rpm  
sysstat-debugsource-12.5.4-5.el9.ppc64le.rpm

s390x:  
sysstat-12.5.4-5.el9.s390x.rpm  
sysstat-debuginfo-12.5.4-5.el9.s390x.rpm  
sysstat-debugsource-12.5.4-5.el9.s390x.rpm

x86_64:  
sysstat-12.5.4-5.el9.x86_64.rpm  
sysstat-debuginfo-12.5.4-5.el9.x86_64.rpm  
sysstat-debugsource-12.5.4-5.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39377  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo1A9zjgjWX9erEAQir4g//XX4H0LjGGWdR0AAyuy9uG8FI0CLqk56O  
gOdGdJ8x0H0t3VASRC/ebotFIwx8LFi8hDVXQ9zPkn3CfnnfdWwD/Eyt34GIETDr  
YZa+8bClxZMQxgFFQRDJJ4FbpFRltbAfakXdWVACVgbMGs7vkbVIPPUSfcCXQfyv  
YItQew/n/wYn1Cr8uxJplx5GmQzhlEfsc1kqf7EcVftvh4UFrF7Z42nxtKirmdxK  
hqSfV9YMUvWsq2JdkDcFTiZVnK2jij4bKMwrpIvZrkZwJz3w5FcU+IwDj3B+J42p  
Z/avVq3T1qUGlBCRv0bNvL+onGqbrDmJRHbbi4Z78XIpRN3CDFlD+iMLBgpTAwSw  
Na0H1DO2ta1aUa/0ZOv6b0wcFuJEnIDLW5eOQgbL4VkYEQOGX3x2iRgpQiI++z0r  
vIn49E13rTuHcRV3RSAfFwGlO2ZZCHVAYwACadl8dTSdZiiEsHfwDbK2j7kmajQH  
+rRkb0naXa+BrVKFIfjua/y/FrUvgOnNkW2RjCFMvH4VVIFedx0OjFR11payT91S  
hwt9C2/xoDJRqPlCnbMzFVBg7yAW0foIHtb7WMQ6jJRecAKDoLhUDcNSeWUgQV/f  
bEQvB4Zlk2kqd7/dNChhxDfk5om13319h19NESJ+r/CoO/2ssRXQT9kHGbJKYudi  
vfbXV8qBX8o=K3qT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2234-01

Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:2626-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2626  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-48337 CVE-2022-48338 CVE-2022-48339  
                   CVE-2023-2491  
====================================================================  
1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux  
(CVE-2023-2491)

* emacs: command execution via shell metacharacters (CVE-2022-48337)

* emacs: local command injection in ruby-mode.el (CVE-2022-48338)

* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2171987 - CVE-2022-48337 emacs: command execution via shell metacharacters  
2171988 - CVE-2022-48338 emacs: local command injection in ruby-mode.el  
2171989 - CVE-2022-48339 emacs: command injection vulnerability in htmlfontify.el  
2192873 - CVE-2023-2491 emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
emacs-27.2-8.el9_2.1.src.rpm

aarch64:  
emacs-27.2-8.el9_2.1.aarch64.rpm  
emacs-common-27.2-8.el9_2.1.aarch64.rpm  
emacs-common-debuginfo-27.2-8.el9_2.1.aarch64.rpm  
emacs-debuginfo-27.2-8.el9_2.1.aarch64.rpm  
emacs-debugsource-27.2-8.el9_2.1.aarch64.rpm  
emacs-lucid-27.2-8.el9_2.1.aarch64.rpm  
emacs-lucid-debuginfo-27.2-8.el9_2.1.aarch64.rpm  
emacs-nox-27.2-8.el9_2.1.aarch64.rpm  
emacs-nox-debuginfo-27.2-8.el9_2.1.aarch64.rpm

noarch:  
emacs-filesystem-27.2-8.el9_2.1.noarch.rpm

ppc64le:  
emacs-27.2-8.el9_2.1.ppc64le.rpm  
emacs-common-27.2-8.el9_2.1.ppc64le.rpm  
emacs-common-debuginfo-27.2-8.el9_2.1.ppc64le.rpm  
emacs-debuginfo-27.2-8.el9_2.1.ppc64le.rpm  
emacs-debugsource-27.2-8.el9_2.1.ppc64le.rpm  
emacs-lucid-27.2-8.el9_2.1.ppc64le.rpm  
emacs-lucid-debuginfo-27.2-8.el9_2.1.ppc64le.rpm  
emacs-nox-27.2-8.el9_2.1.ppc64le.rpm  
emacs-nox-debuginfo-27.2-8.el9_2.1.ppc64le.rpm

s390x:  
emacs-27.2-8.el9_2.1.s390x.rpm  
emacs-common-27.2-8.el9_2.1.s390x.rpm  
emacs-common-debuginfo-27.2-8.el9_2.1.s390x.rpm  
emacs-debuginfo-27.2-8.el9_2.1.s390x.rpm  
emacs-debugsource-27.2-8.el9_2.1.s390x.rpm  
emacs-lucid-27.2-8.el9_2.1.s390x.rpm  
emacs-lucid-debuginfo-27.2-8.el9_2.1.s390x.rpm  
emacs-nox-27.2-8.el9_2.1.s390x.rpm  
emacs-nox-debuginfo-27.2-8.el9_2.1.s390x.rpm

x86_64:  
emacs-27.2-8.el9_2.1.x86_64.rpm  
emacs-common-27.2-8.el9_2.1.x86_64.rpm  
emacs-common-debuginfo-27.2-8.el9_2.1.x86_64.rpm  
emacs-debuginfo-27.2-8.el9_2.1.x86_64.rpm  
emacs-debugsource-27.2-8.el9_2.1.x86_64.rpm  
emacs-lucid-27.2-8.el9_2.1.x86_64.rpm  
emacs-lucid-debuginfo-27.2-8.el9_2.1.x86_64.rpm  
emacs-nox-27.2-8.el9_2.1.x86_64.rpm  
emacs-nox-debuginfo-27.2-8.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48337  
https://access.redhat.com/security/cve/CVE-2022-48338  
https://access.redhat.com/security/cve/CVE-2022-48339  
https://access.redhat.com/security/cve/CVE-2023-2491  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo1BtzjgjWX9erEAQhtpxAAoYp1zA1tl18b1JFFsuK7CcZQNgmeASuh  
GoEOuOn1fS0dq5J63UuUEcVg3x2oI5hsrgsQSpEbUt+Ehm/4S9gaIm0UZQmjraE+  
8UcshzgQAku2+XKpNw63HE7iKZF8M42C9AFDkUuOAYywwMmFBF+uJKG+Brc+Ah7e  
fOtQBVu5zsDiD0GRq4p+52MJ+MxRKlIernJXlPA7TX3UV3rWBApgnXpiDsnMbEsx  
D+N9sXVnks5Gxq9K1XMqEwKTUuGCdmTZroRqrwwlPs17nXfpxadXf/6v7vLbPICs  
7tEJFHB30/KgL/vUs8Tl5iLVlH96z1FNRU1yLYkETjGuamNJGX00iMlGxIJjPrlx  
YVvgJjk0KFeNFhliJtXWgwLElsdWszIafMuCPU7OTUzpowsak3+h7oErVtoSjJpb  
EP/SouzhBqbyMI1VllcM6bcmhvU4DM8NnIL/N3lJSZwXYnubI82zlj/m82c99210  
H+WJii45v6D+h904FmWaB6Q+GsaqRYvKbZ22eMTAbye5CzIM55LrV56TVx7Ahl1Z  
zs/5MmXcmod8TiKONQtlM9BVcVf3nb1NgxKTDeRzAkwBeCrH/zVh4z0+aNeQTVJO  
1xE1bhGSDO311P6dODjOEg7HyUbsMIP2vFU7ULSqLzXtXmaICltBGhDzEGr26dq5  
qM/56o0jSioÌtx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2626-01

Red Hat Security Advisory 2023-2204-01 - Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Image Builder security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:2204-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2204  
Issue date:        2023-05-09  
CVE Names:         CVE-2022-2879 CVE-2022-2880 CVE-2022-27664  
                   CVE-2022-41715 CVE-2022-41717  
====================================================================  
1. Summary:

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client  
is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Image Builder is a service for building customized OS artifacts, such as VM  
images and OSTree commits, that uses osbuild under the hood.

Security Fix(es):

* golang: archive/tar: unbounded memory consumption when reading headers  
(CVE-2022-2879)

* golang: net/http/httputil: ReverseProxy should not forward unparseable  
query parameters (CVE-2022-2880)

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)

* golang: regexp/syntax: limit memory used by parsing regexps  
(CVE-2022-41715)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2119980 - edge-installer ISO install failed at dracut-initqueue timeout  
2122843 - coreos-installer-0.15.0-2.el9 does not work with osbuild-composer-62-1.el9  
2123373 - edge images default to LVM [rhel-9.2.0]  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY  
2125249 - podman network backend does not switch to netavark when embedding container in image [rhel-9.2.0]  
2132250 - Update Image Builder suite of projects to their latest upstream releases [RHEL-9.2]  
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2136504 - osbuild-composer can't access /var/cache/osbuild-composer/rpmmd on package upgrade from 9.0  
2137364 - composer-cli blueprints show command fails when firewall customization is included in a blueprint  
2139645 - [cockpit-composer] RHEL 9.2 Tier 0 Localization  
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2164560 - Rebase to weldr-client v35.9  
2174158 - systemd units aren't enabled/started using ignition  
2177699 - Composer is not setting the rpm stage options in the os pipeline correctly for payload repositories

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
cockpit-composer-45-1.el9_2.src.rpm  
osbuild-81-1.el9.src.rpm  
osbuild-composer-76-2.el9_2.src.rpm  
weldr-client-35.9-1.el9.src.rpm

aarch64:  
osbuild-composer-76-2.el9_2.aarch64.rpm  
osbuild-composer-core-76-2.el9_2.aarch64.rpm  
osbuild-composer-core-debuginfo-76-2.el9_2.aarch64.rpm  
osbuild-composer-debuginfo-76-2.el9_2.aarch64.rpm  
osbuild-composer-debugsource-76-2.el9_2.aarch64.rpm  
osbuild-composer-dnf-json-76-2.el9_2.aarch64.rpm  
osbuild-composer-tests-debuginfo-76-2.el9_2.aarch64.rpm  
osbuild-composer-worker-76-2.el9_2.aarch64.rpm  
osbuild-composer-worker-debuginfo-76-2.el9_2.aarch64.rpm  
weldr-client-35.9-1.el9.aarch64.rpm  
weldr-client-debuginfo-35.9-1.el9.aarch64.rpm  
weldr-client-debugsource-35.9-1.el9.aarch64.rpm  
weldr-client-tests-debuginfo-35.9-1.el9.aarch64.rpm

noarch:  
cockpit-composer-45-1.el9_2.noarch.rpm  
osbuild-81-1.el9.noarch.rpm  
osbuild-luks2-81-1.el9.noarch.rpm  
osbuild-lvm2-81-1.el9.noarch.rpm  
osbuild-ostree-81-1.el9.noarch.rpm  
osbuild-selinux-81-1.el9.noarch.rpm  
python3-osbuild-81-1.el9.noarch.rpm

ppc64le:  
osbuild-composer-76-2.el9_2.ppc64le.rpm  
osbuild-composer-core-76-2.el9_2.ppc64le.rpm  
osbuild-composer-core-debuginfo-76-2.el9_2.ppc64le.rpm  
osbuild-composer-debuginfo-76-2.el9_2.ppc64le.rpm  
osbuild-composer-debugsource-76-2.el9_2.ppc64le.rpm  
osbuild-composer-dnf-json-76-2.el9_2.ppc64le.rpm  
osbuild-composer-tests-debuginfo-76-2.el9_2.ppc64le.rpm  
osbuild-composer-worker-76-2.el9_2.ppc64le.rpm  
osbuild-composer-worker-debuginfo-76-2.el9_2.ppc64le.rpm  
weldr-client-35.9-1.el9.ppc64le.rpm  
weldr-client-debuginfo-35.9-1.el9.ppc64le.rpm  
weldr-client-debugsource-35.9-1.el9.ppc64le.rpm  
weldr-client-tests-debuginfo-35.9-1.el9.ppc64le.rpm

s390x:  
osbuild-composer-76-2.el9_2.s390x.rpm  
osbuild-composer-core-76-2.el9_2.s390x.rpm  
osbuild-composer-core-debuginfo-76-2.el9_2.s390x.rpm  
osbuild-composer-debuginfo-76-2.el9_2.s390x.rpm  
osbuild-composer-debugsource-76-2.el9_2.s390x.rpm  
osbuild-composer-dnf-json-76-2.el9_2.s390x.rpm  
osbuild-composer-tests-debuginfo-76-2.el9_2.s390x.rpm  
osbuild-composer-worker-76-2.el9_2.s390x.rpm  
osbuild-composer-worker-debuginfo-76-2.el9_2.s390x.rpm  
weldr-client-35.9-1.el9.s390x.rpm  
weldr-client-debuginfo-35.9-1.el9.s390x.rpm  
weldr-client-debugsource-35.9-1.el9.s390x.rpm  
weldr-client-tests-debuginfo-35.9-1.el9.s390x.rpm

x86_64:  
osbuild-composer-76-2.el9_2.x86_64.rpm  
osbuild-composer-core-76-2.el9_2.x86_64.rpm  
osbuild-composer-core-debuginfo-76-2.el9_2.x86_64.rpm  
osbuild-composer-debuginfo-76-2.el9_2.x86_64.rpm  
osbuild-composer-debugsource-76-2.el9_2.x86_64.rpm  
osbuild-composer-dnf-json-76-2.el9_2.x86_64.rpm  
osbuild-composer-tests-debuginfo-76-2.el9_2.x86_64.rpm  
osbuild-composer-worker-76-2.el9_2.x86_64.rpm  
osbuild-composer-worker-debuginfo-76-2.el9_2.x86_64.rpm  
weldr-client-35.9-1.el9.x86_64.rpm  
weldr-client-debuginfo-35.9-1.el9.x86_64.rpm  
weldr-client-debugsource-35.9-1.el9.x86_64.rpm  
weldr-client-tests-debuginfo-35.9-1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo0YNzjgjWX9erEAQifuA/+PkemZDLvpIEurj3RfuiqWEHWVfNeZykF  
IaduyRNaNZA5nkErwV6D5X+bm0YUdgMB6H7Rn5HhxdckGlE6k3Oq2mZillW2wKDe  
gZ3kwRmyIlkQLnuOZgVkTUInYUzhvBdPhlVXD/kNnYACMSX9jbx1xNE0zvxN92LR  
t2APv2qGfvZNkpckaqJInWo7TAitoihRJUozy1KsCohE1NAGbS9qMlWFaH89f9rO  
3etteClVQ/z2KQXqXgqkuykxuhJut75Uvvicw+sP4YM5bn4D/S+dxTrIzlg2QO7/  
amdkYRuL6GFa0mWIm83rbBcQELdMxHDjyLLU55nq+1P6SzxdON9PZD9uMjkRIpqK  
EptDRmAjCRsejolK1Lo+vjxLZ3ZpSOznUh5LBVDkFvDoJfFmokqMEneIt1U6wB+q  
Me5IffE+bpQrdyg0IWYnoefDrgQXaiM27q5MJeUsHiOI8OGoJFFfrnUmHtCJNrzq  
XF7X3rt4sAiqR764uJoiiPEDadc4Vaor8hH9h1yQbmIe2Sk4g/56yREBk8Ozvif4  
lm/W7b7njMfUk+mmPAxKI7Ycl+nriqJ+PHIHJ8DFzRIC/H8g1hK2i2EZL8SZQxma  
r+7FeuGuayfYh42tFryan43AcwqPNs4UZen7YKTiQY6nQ3WOcR+h5bjnKtHWPc/3  
dTmHXPE5js0=kIXE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2204-01

Red Hat Security Advisory 2023-2148-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, double free, memory leak, null pointer, out of bounds read, privilege escalation, traversal, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:2148-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2148  
Issue date:        2023-05-09  
CVE Names:         CVE-2021-26341 CVE-2021-33655 CVE-2022-1462  
                   CVE-2022-1789 CVE-2022-1882 CVE-2022-2196  
                   CVE-2022-2663 CVE-2022-3028 CVE-2022-3435  
                   CVE-2022-3522 CVE-2022-3524 CVE-2022-3566  
                   CVE-2022-3567 CVE-2022-3619 CVE-2022-3623  
                   CVE-2022-3625 CVE-2022-3628 CVE-2022-3640  
                   CVE-2022-3707 CVE-2022-4128 CVE-2022-4129  
                   CVE-2022-20141 CVE-2022-21505 CVE-2022-28388  
                   CVE-2022-33743 CVE-2022-39188 CVE-2022-39189  
                   CVE-2022-41674 CVE-2022-42703 CVE-2022-42720  
                   CVE-2022-42721 CVE-2022-42722 CVE-2022-42896  
                   CVE-2022-43750 CVE-2022-47929 CVE-2023-0394  
                   CVE-2023-0461 CVE-2023-0590 CVE-2023-1195  
                   CVE-2023-1382  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV (v. 9) - x86_64  
Red Hat Enterprise Linux RT (v. 9) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* hw: cpu: AMD CPUs may transiently execute beyond unconditional direct  
branch (CVE-2021-26341)

* malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory  
(CVE-2021-33655)

* possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)

* KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)

* use-after-free in free_pipe_info() could lead to privilege escalation  
(CVE-2022-1882)

* KVM: nVMX: missing IBPB when exiting from nested guest can lead to  
Spectre v2 attacks (CVE-2022-2196)

* netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)

* race condition in xfrm_probe_algs can lead to OOB read/write  
(CVE-2022-3028)

* out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c  
(CVE-2022-3435)

* race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)

* memory leak in ipv6_renew_options() (CVE-2022-3524)

* data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)

* data races around sk->sk_prot (CVE-2022-3567)

* memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c  
(CVE-2022-3619)

* denial of service in follow_page_pte in mm/gup.c due to poisoned pte  
entry (CVE-2022-3623)

* use-after-free after failed devlink reload in devlink_param_get  
(CVE-2022-3625)

* USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)

* use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c  
(CVE-2022-3640)

* Double-free in split_2MB_gtt_entry when function  
intel_gvt_dma_map_guest_page failed (CVE-2022-3707)

* mptcp: NULL pointer dereference in subflow traversal at disconnect time  
(CVE-2022-4128)

* l2tp: missing lock when clearing sk_user_data can lead to NULL pointer  
dereference (CVE-2022-4129)

* igmp: use-after-free in ip_check_mc_rcu when opening and closing inet  
sockets (CVE-2022-20141)

* lockdown bypass using IMA (CVE-2022-21505)

* double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c  
(CVE-2022-28388)

* network backend may cause Linux netfront to use freed SKBs (XSA-405)  
(CVE-2022-33743)

* unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to  
stale TLB entry (CVE-2022-39188)

* TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading  
to guest malfunctioning (CVE-2022-39189)

* u8 overflow problem in cfg80211_update_notlisted_nontrans()  
(CVE-2022-41674)

* use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)

* use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)

* BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c  
(CVE-2022-42721)

* Denial of service in beacon protection for P2P-device (CVE-2022-42722)

* memory corruption in usbmon driver (CVE-2022-43750)

* NULL pointer dereference in traffic control subsystem (CVE-2022-47929)

* NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)

* use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)

* use-after-free caused by invalid pointer hostname in fs/cifs/connect.c  
(CVE-2023-1195)

* denial of service in tipc_conn_close (CVE-2023-1382)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2061703 - CVE-2021-26341 hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch  
2073091 - CVE-2022-28388 kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c  
2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c  
2089701 - CVE-2022-1882 kernel: use-after-free in free_pipe_info() could lead to privilege escalation  
2090723 - CVE-2022-1789 kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva  
2106830 - CVE-2022-21505 kernel: lockdown bypass using IMA  
2107924 - CVE-2022-33743 kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405)  
2108691 - CVE-2021-33655 kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory  
2114937 - CVE-2022-20141 kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets  
2122228 - CVE-2022-3028 kernel: race condition in xfrm_probe_algs can lead to OOB read/write  
2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue  
2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning  
2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2133490 - CVE-2022-3435 kernel: out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c  
2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()  
2134380 - CVE-2022-4128 kernel: mptcp: NULL pointer dereference in subflow traversal at disconnect time  
2134451 - CVE-2022-42720 kernel: use-after-free in bss_ref_get in net/wireless/scan.c  
2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c  
2134517 - CVE-2022-42722 kernel: Denial of service in beacon protection for P2P-device  
2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference  
2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed  
2139610 - CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c  
2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt  
2143943 - CVE-2022-3567 kernel: data races around sk->sk_prot  
2144720 - CVE-2022-3625 kernel: use-after-free after failed devlink reload in devlink_param_get  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options()  
2150960 - CVE-2022-3628 kernel: USB-accessible buffer overflow in brcmfmac  
2150979 - CVE-2022-3522 kernel: race condition in hugetlb_no_page() in mm/hugetlb.c  
2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver  
2154171 - CVE-2023-1195 kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c  
2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c  
2160023 - CVE-2022-2196 kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks  
2162120 - CVE-2023-0394 kernel: NULL pointer dereference in rawv6_push_pending_frames  
2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry  
2165741 - CVE-2023-0590 kernel: use-after-free due to race condition in qdisc_graft()  
2168246 - CVE-2022-47929 kernel: NULL pointer dereference in traffic control subsystem  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2177371 - CVE-2023-1382 kernel: denial of service in tipc_conn_close

6. Package List:

Red Hat Enterprise Linux NFV (v. 9):

Source:  
kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.src.rpm

x86_64:  
kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm

Red Hat Enterprise Linux RT (v. 9):

Source:  
kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.src.rpm

x86_64:  
kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-26341  
https://access.redhat.com/security/cve/CVE-2021-33655  
https://access.redhat.com/security/cve/CVE-2022-1462  
https://access.redhat.com/security/cve/CVE-2022-1789  
https://access.redhat.com/security/cve/CVE-2022-1882  
https://access.redhat.com/security/cve/CVE-2022-2196  
https://access.redhat.com/security/cve/CVE-2022-2663  
https://access.redhat.com/security/cve/CVE-2022-3028  
https://access.redhat.com/security/cve/CVE-2022-3435  
https://access.redhat.com/security/cve/CVE-2022-3522  
https://access.redhat.com/security/cve/CVE-2022-3524  
https://access.redhat.com/security/cve/CVE-2022-3566  
https://access.redhat.com/security/cve/CVE-2022-3567  
https://access.redhat.com/security/cve/CVE-2022-3619  
https://access.redhat.com/security/cve/CVE-2022-3623  
https://access.redhat.com/security/cve/CVE-2022-3625  
https://access.redhat.com/security/cve/CVE-2022-3628  
https://access.redhat.com/security/cve/CVE-2022-3640  
https://access.redhat.com/security/cve/CVE-2022-3707  
https://access.redhat.com/security/cve/CVE-2022-4128  
https://access.redhat.com/security/cve/CVE-2022-4129  
https://access.redhat.com/security/cve/CVE-2022-20141  
https://access.redhat.com/security/cve/CVE-2022-21505  
https://access.redhat.com/security/cve/CVE-2022-28388  
https://access.redhat.com/security/cve/CVE-2022-33743  
https://access.redhat.com/security/cve/CVE-2022-39188  
https://access.redhat.com/security/cve/CVE-2022-39189  
https://access.redhat.com/security/cve/CVE-2022-41674  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42720  
https://access.redhat.com/security/cve/CVE-2022-42721  
https://access.redhat.com/security/cve/CVE-2022-42722  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2022-43750  
https://access.redhat.com/security/cve/CVE-2022-47929  
https://access.redhat.com/security/cve/CVE-2023-0394  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-0590  
https://access.redhat.com/security/cve/CVE-2023-1195  
https://access.redhat.com/security/cve/CVE-2023-1382  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFo0NtzjgjWX9erEAQhskQ//eAqMI93djEsADoo5zb3EO3xEGrb//Im2  
ptPycHLLL6ZG+t/+1PiMk/e8LwhV2hrxz7nzc4xh8tNO4TRuF0WK/sR8Iv4y6/Fs  
95X25NgEndOlHk7uUVgEdTYvZnpNh27XJwyEHDu6HV8suxY6gfbYHqV7zlkGBi43  
zQA+sfEDXFVfvLug/RpaD0J7wXc0JyUoG4OratWV1E37zw9mNPSX1P0bFy4QoKXL  
rhG1Xc+qSWK3kjnJjpeU8nIJGhL2oJDFVuICkiC+aEp7C//DE1TA7L7u3Z+7Tou/  
BpPmjMyfXF/UQYZtJCrCRiTj/RsRIqaUSoy3/3MO8jxVMR6FIm/QTjY63JCGfj6A  
OahLv77oKDJXuHQQ7JkHycKMOc+JfX/ZNtxtgn2gYFfpjPTY/klTJP8iM9KhnTuQ  
2lF5jvYJihYhGio+cyl5Ad/XmzsHh7cTQR3XKtNa7p9/+QkAKt10LhbzxvebThFd  
cZtLUsdph4wO6T+RrZ5XdwvOSox1C40mfOnwJO41M/9GXPHoxhmwrZYBWKE1PY0J  
Jq9m+pYgKv+ioTW1FWloM22mu0PW/L5F3djzAVujShX0iRgfW2Aao3n+L8A22bYD  
Q+5LbFsWZwpeK7zXgXocJlY7j667sT9UGqBwk4xMfAiS5A0p2Zo1rkIre2lvmF2D  
JJU7NBGa9VU=YrUX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm