Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:9082-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9082  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959  
                   CVE-2022-43945  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_13_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_13_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_17_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_22_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_26_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug7NzjgjWX9erEAQjqwA//QXemNcN+JiDPGuKUjrrbsdAd0LHyMg3z  
55HbU3XKWXuj4dxke5ZKfn38dvd84g7fepQpG52W2frPRjkQHhO4Uokta43EcCXc  
RZLKI9jNq3bMvsFPmTZlSFElamz6OTn2ECSgYh8NyrNl3VzHr5hy/eJET3QM1kig  
tsIjjdcP/VNlm41Zs9kdHBqPdV/Nr/aVrjeFgBx/ig3JrP0ePfloWUezVIJD/QQV  
PkWUgGdXNUK2jvlB3AH7iwhRWMGxKbRceEvJZS9yc2S9Hy1M7lj5DZQgt9CU02xU  
aWMxNTcGlVBNsCPgFz2GOXMr5VQebtMkVIMMjOlB8vH0PrlunSy4NWlkZdh/cBc/  
FAHuS8L1Fsl2K8neacBbMpWLTaKteorC0ZbL9ZW5hMmVKLfiecm1Z2L2CYtAb0GG  
u3RwsycRCX0GVzWamlbKn6MLcKgxLtzl1XMd9kHEGRWSb05O9P0ECj0SV7zwDy4o  
3/GoLeAglIzP+sxdAeeK6ocA5zAdHTZM26KI2MYe0yyLR5n/EiO4Lxcs6YCdPP7n  
XGB+vCpV/xS77tzMDafyS/9Gq7cguwn3v5DQQHCQ4Db3n5z3uhAc0QVfSKzaYnkY  
5bTK99gofD8HbC8kHMExNEbVWu6x3yLhtXiOhrQKGLX1dU2UiQyGJmmfwvTzb0+G  
HVA5TRLZ0Ak=Heu4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9082-01

Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9075-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9075  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.6.0-2.el8_4.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el8_4.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_4.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhFdzjgjWX9erEAQgJoA//dXoxYRc6QpIZumqvdNX8mYhEcYpd18Xv  
hefH1VzXM5q0/uNtGCQMEQ3Jty+RJ8LCgRqSQWBh3M43Oubi2d6qL0S0cq9G1DC4  
LlMMLM359VOTqIQD615Q24GVrwYlZCmOmDlzVqt7ZWBOYmnCXTboosKkGio7AY29  
+jjZEtCYcUDlhkwHmP46eMjpQnsGyD30iRFGDXo2Bh2KhmMUzWWTz6+dMdZ2TKIY  
GBTS+Pxzn7wMDabZc9iYMPbxkU1TEwzBC9P0ZCLK5FlaQSkplfvmTu3/ToecQAkc  
EJUevbeivFsPs4tusrAw7lLRR6gE3ayFXodZ9MmzVDnbG6TI5L/AhcUv7kGJ7hn8  
j+uUHpm/mPU3W4Ux3jQKR5Bl/eEmnHTaw/UMkQP6Z3WFlUJkhIhkFoIX/Xz4BePE  
2yH/nqRxHGwobnPu0wwVmFzqz5x2AXzrFGlxGPus3VbkuI/M8ExdKIweU8Xj7EwF  
w8c72PDJMCK1atFlsXmsmNHhI8aqUhwJJQiCCfWKb+eTSKJNNjsXowSBdGdK8C8L  
Chnr4cHoN9hFc/81lo67D1sO4/R5sOYR/ZoBiHM3ibwteBYJSF5tUsnQ0BEDKvJH  
c4eb66Eowc1tdrpbzELxoChIcYvjD3PeLhU66QJQbGsNXRwJc8e/aLOa2dvm2vrz  
+MxZfcAttgU=3XRU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9075-01

Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9076-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9076  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.6.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug/tzjgjWX9erEAQh0kA/9FYWQo7DPaJ42rNiE78pcFYEc6CA8ZGBP  
LHbv060pE98N3G61Kly7offDi2QrN7x0VVauoxugg9zcF8fnSTMpahR0sMZ4aAqM  
o+CaoYKvq+IvqYi+a0n+wuJFsrcNT4DsjcW3k6+52WEIPmpN4M0conmqXn0LP/yA  
Kx36GH0KJHWTnIokS1mfbUid4rtKAd3cF4KlSlbEVJu5RSPTBngAWPNld0upJLcy  
WD0B8bhSUn7H9tpMw3isqEfSDae9+YGXHkyb9MB3ICALMLlvkQibkbF9wo/1Up0M  
895bgOjQ/CoxJaHRk5pEK+fqwufiWtdABDYM12PRfk3aSdd54jDpT9HG9nV3cZHR  
boVdaeuOJFyZAzziiDZo2q9Je8Nm5ox8kgQ8UO5UY7Dr7AFNgbvIPYi3ISZ1RbZZ  
+9IuxSnW3YUrW/8QUqmyDruhS7deMYJogirvWdWwt5tSpAA5Tr7Aj1Cix3u8nHZZ  
Tej4JtE9Ch8gq7s7ppwj2hif+1JV7liUWtEp4YtKvqA+R/5svqBBwS6EI+4Woj72  
jY9YrporG0NoOPcWKt3bf5Zhr1fimiwnubJy5a6vDT9LheouWEEU+F51pz/u/ldB  
Jets+wx2yhT0fh7V/4rufKw6G3XhTo5dZwZnDzkLBDFSx57t7g5VMZta++olFUpe  
jcpjOgm6OJw=nZth  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9076-01

Red Hat Security Advisory 2022-9070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9070-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9070  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
firefox-102.6.0-1.el8_2.src.rpm

aarch64:  
firefox-102.6.0-1.el8_2.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.aarch64.rpm  
firefox-debugsource-102.6.0-1.el8_2.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_2.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_2.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el8_2.s390x.rpm  
firefox-debuginfo-102.6.0-1.el8_2.s390x.rpm  
firefox-debugsource-102.6.0-1.el8_2.s390x.rpm

x86_64:  
firefox-102.6.0-1.el8_2.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_2.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhCNzjgjWX9erEAQherg/+LMLB/21bl4GmwLLL8/2eIGHY9tbmaSfl  
t0159LZ6kfabpE0j+buZ155ljY6aHzCuWcJBofBCIHAATgVjeZ1rzKdSEEJ2hqGt  
zrtXbpSq3e63YM9cgeeKGasOZk8GAq6IrRshqX0sE7YqkHjlxJiqZAU6GOal+RtC  
3SjBG2nCbEfgdRBPYr6GgBDN4KqvCDUdBFxK+TSv+5v2OL80m2kMpf6E7zsjPL3D  
VX6oEJ3P6gGatZZlq4BodglHPvPSL1yqwvucHQJ0V10G6WudFNBO8K6bQCLaRowl  
4BmqL82T/537ytSeClvjJQRaYH2pTuMC2PuF6Ryrrki+C/EVJYPA9Pj/NPWmsxhC  
YVKleKQ8NQpFsOJTy8NZ+STKJ0OE5Epm01AlDuiHRcr2WqqWIbd/yyYXYM9W3uYh  
L6vUU05JB16V3Au2IVeFR5lUpX16wkYgcIuijhXJfyJoPuVSYX9PxOcEydtKdyIw  
tZcCkn4aBaXP0af2heB6XbtHNVaPdzkVqZyvwUo1lMp2cheQpinalwD6002pUMB+  
i1eq4qP90rssf0EQqJ/e+W0yUlThzD4RCpK2RI1DsxM8/F7J7YLi40iH9smN3Sm8  
TLsYNfMldiuK1OTWKE8Chr/hJL6dlUvgGMH5/X+HqnFpHWztcDSoo4yZgRF3tJt+  
nua339DDTn8=kb0x  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9070-01

Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9066-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9066  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.6.0-1.el9_0.src.rpm

aarch64:  
firefox-102.6.0-1.el9_0.aarch64.rpm  
firefox-debuginfo-102.6.0-1.el9_0.aarch64.rpm  
firefox-debugsource-102.6.0-1.el9_0.aarch64.rpm

ppc64le:  
firefox-102.6.0-1.el9_0.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el9_0.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el9_0.ppc64le.rpm

s390x:  
firefox-102.6.0-1.el9_0.s390x.rpm  
firefox-debuginfo-102.6.0-1.el9_0.s390x.rpm  
firefox-debugsource-102.6.0-1.el9_0.s390x.rpm

x86_64:  
firefox-102.6.0-1.el9_0.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el9_0.x86_64.rpm  
firefox-debugsource-102.6.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ug99zjgjWX9erEAQgEEhAAhJIHK1wjYGsYxmu5ZFkC0bBjQilJLpxJ  
t2udAbzqkPlRaycOzb0oL9mTRtDXICYBelKNA1vIr3WBbN5lrqC5oBSgUV7HQFG2  
HsXna0DkfkDyYGoCfrHYhnAzIqhVALBp5jfLYnGwpCNbSzoCvAs1AIa9x6GD8QE7  
fqSIg9s0ymOFZUsmHofAZz/P16QHg501kVKSNJB87E42gE5zwBO3umaZiRqjcc/f  
nIU2P/F/9kPxlTog54L1+secHf+I806KDYZc1GFpdJgqEgq9zexxU7bLbFqnXQ3c  
kFCGkyd4fCygW0PS320pzzYOW52T9TOPSLZ8xp9aXyrvWJcIuADPEd7zJcgChBEb  
kDBeaVtGB913ON/5boRt3maalvHLA95SlPq7eSih3VkbH8vUFrHE0Ayx2dQnbviM  
f6oO7Al+NFtKGzzHR05L4upOFG0j+CfNUxfBrBOCaw+aN2U01ziBZl0xpB8bh/j2  
uDfrkrwSENkGPmHyUcBwO7FdLXA6n4tJzJMa875Nl6MWLpM4I/zARCbMjUNnQtGo  
0xXw5FyR/6LNgK1yL4YSspD13BlAt9SQCjFhdqwp+5SwVqW2P19hUUGrq4RSkPB/  
YkH8WJHsT12gPVYhdtNd/yYDpnLtn+B35ct7EtIXkULDh6SUaSklGz+DhJkI8SgZ  
jl/TlPdWPKE=OzET  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9066-01

Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9074-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9074  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.6.0-2.el8_7.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_7.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_7.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_7.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_7.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_7.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_7.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el8_7.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el8_7.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el8_7.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el8_7.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_7.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhJ9zjgjWX9erEAQgp7w/+K+Zmk5wU3zQDZWUEEIbtdYab8bJXDxKh  
WGfVItJ2rsis4F5EVgUxpsU5x3dv2zFHmeU+7dJJToX/NB40TXeg/ncI05kWuNIz  
GhM76INcVU7od6tl440x87JZw7uH7Ck3UstEU6sk3XZd6WqRWlRyci/dueKvZ+Up  
SBcNg34YzjlwdRPAZK8eG+S5jBP33VAL/emBriKzVp2gLEImpHDM9JNQs3OKj0s9  
mOpNvExMZuLbWNAO7P1DNhDTAQmnanTqmV7G9aNNyp1/BnRfrFl4/7Jkugp3tA2G  
9nwL3dwrl/Z8vly5rLbCJIbj0bxaKM3RwMkXcyx0jhze2QhfbFMaizMiJ3LFJVdg  
7K2i3v3yd9w5OdfJweSXXKTUrdZqlRRagS8RDuU+9rNo/ANkzTvP62gTT5AXzlpO  
0/c8pmr5Pf8hOSbrlVrJpEsz2dKxJQYTGzTfZd+d6HTm967sxc6Yks4RFBsHtMgk  
tx4QC0V3auNFgAb7IiFhS0l+KDvgJ+2EH8oTrcrb20pJVRRBUre3ItDwN7BefWDC  
udFJIMjTwssYXISpnB+ynVqXks0UP+s+krPj+iTDQ+89QeRpmz7EA++NE2FcOVyk  
1htp/S0JUNQ2IQlf7snB0KuQcCor+nKFHpwMOvFL3YzEBPdcUXEdR/jaOYGDWFTe  
LvL5uOVDdyc=aZwb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9074-01

Red Hat Security Advisory 2022-9071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:9071-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9071  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-46872 CVE-2022-46874 CVE-2022-46878  
                   CVE-2022-46880 CVE-2022-46881 CVE-2022-46882  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.6.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.6.0-1.el8_1.src.rpm

ppc64le:  
firefox-102.6.0-1.el8_1.ppc64le.rpm  
firefox-debuginfo-102.6.0-1.el8_1.ppc64le.rpm  
firefox-debugsource-102.6.0-1.el8_1.ppc64le.rpm

x86_64:  
firefox-102.6.0-1.el8_1.x86_64.rpm  
firefox-debuginfo-102.6.0-1.el8_1.x86_64.rpm  
firefox-debugsource-102.6.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhHtzjgjWX9erEAQjFOA//bCHb3VrCnrVth/bYPBQIQPFtFDxMpo1j  
L+xg1IkE+PZT+Jt4XUkLQUCbgUsLMTnevoW7sGLhmnt725ajJWHt3jfsSb0orSaq  
nfiTD0dN372RpXTAeIRx6wwqjcOu5ca5jMGjmH3YynyORNKWp88OUcBkyNEC2BSm  
qJop6fIeXLqej4sGYtuy/jmmUqMUAOyrpBPYZP7nKOop14gT++uZOlg0o4fHF1jS  
shXc6hWK+gEuIWR06aaBArZrRrCFWTYbDh7gUXQrcQmV932ySCPJdrGNitG0dzQq  
Yk0QiH6qRCZdYI15IuWOGmjR1aHL6OJ4gXeYcLYF/2+YS042S/xgpzkYtN+7LokO  
eRk7UPQkBlAYfhIO9CbFpAM9m9hGjam/kMAQAjDgyyPCwUxQLQ9ge06bZS7qvnHM  
QDu1Rbzea0IhakSJX80iEzLNVr8CCcYHWhp3wnjOYsknQ0mMADaOQJF20j586biL  
3NWSXWf9Zu+uR9yTcn9an0l9zdSJrb4iRWYkkpJWYVBJ1NB06wXpckd9h9s37Jw+  
BcM4OONW+SnkOCoQwbU+5oKh59ZRTDw7lLu9NN3PO0PfCot6JprF6ASSUahpiX36  
d3LDcJ2jgiqkJ5U0qkGVczliZAL0lrTEOQCTfrLSPVP2DPel2VIODzRBo2mQgSlR  
YsDGuPuX5k0=AKSZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9071-01

Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9078-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9078  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.6.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.6.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhEdzjgjWX9erEAQjtUQ/8C6IjYBKV4wwxtUHzdX1NaEl9J4VJIU9u  
mNuVkyU2+TfuF9upjK9r/S9iK5GzeUH7ueDw5CYBkeNPOPCYR7b4a0nc/GmRJrU5  
CeZg8pKZ/BlJ/JZc0tlhCz/wS6l6PLQTYW83JQ+NvF/HLrMFIxvcNHK2pqabqqPB  
kDy/iORjIXZNn5KO0tHpSYm6FItPxnAlEKCFVL2rPQXpUKHOGweFODw8E/JiriEb  
1CoIEQwLoSbEtoWeJtQIusdHIbnv/VkFjYQQdPnNcMyERyvxh20V80RJNq88cC97  
N6K+nAJ9G6IjXcDom9DhDQV4CdmZFVdDUi1kwuDnE/MsxjvS8iO7XuZQPpgMAC3D  
eFFRLdGSsPKAdz1iiUnQ7Wr4T7DXgAcPmaktoSKB8WI34sMq3sHbZ/EXbIocMFox  
orHqVlnZkcNRO7fuuSEU8vBmmZEFTU4SzxT1yGjDS3/bC3X6Sqf54kMqVUTb6AqH  
XVkFfFeXeqmp0udJE4AG3ksFY4KuOoO5TJSCj7N3CVtIWkd1MbIu88jQWy/u5NGT  
lkWrLC3WU20EBrXa9C+sgJ7gRr5PS5UJq3x1VEV8NkSwwhf11W7vWCuZJ1eV9fdq  
n6QPEkoUoI/oQE4LhJLH2lc67BQW/vZ9rljlTMo/NzFu1maCCV4ntXGYLx7Ndlew  
Pk05j8DvGaM=9JhN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9078-01

Red Hat Security Advisory 2022-9080-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9080-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9080  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.6.0-2.el9_1.src.rpm

aarch64:  
thunderbird-102.6.0-2.el9_1.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el9_1.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el9_1.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el9_1.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el9_1.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el9_1.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el9_1.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el9_1.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el9_1.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el9_1.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el9_1.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhGNzjgjWX9erEAQjtTw/6AqW1PdXm6F1AU3Neni40iiX0RA83g1uY  
B2BYJdojeJnh98kn7EpgUyPvoJaQuLd8CT8pqWvgr2g9Yl1vHrvz9gJeNasQxtmz  
nCzp41y6P7Gh8re+Fc9WFVEKkuT5Wl/u+4Q2gwIuUQMEeqd3aqg+DOyz6VbIObBs  
ftwwurT87UMm7hMt3sg9H7wQqn97/JQ2TUDD/eQVGFybXvDGVq/S4yG00IifO7rE  
jG2Gj1U0MMCdExNDpIxZ07zRkJJNAW4f0ywKNnsIGbyU3LSCwdfJS4UGCGLFaZDU  
rQZ2JwXp9QUBbVof3Sh8S47lft6XDYI1PlkwaX8T9CsNRNaQEQo0pjbOn4LK6uJ0  
I+0L5n3wH8gNlQQ8sAPsTjMjsKkrAkEovvNgC4+NFm408rlE3g0hSXTnnXVCc+3E  
/JfZJVrNE9vf2rwhv1xVcJ8ebqAbsdd7SZycZqe/BpeNqgW0ouKE99GP3baw4SkL  
FV739xDFbgdE08e/ltn7zfpnRP+nUBDouIopjmkej6jYvkk2ORUE6ywWvKrKNSHU  
2Uw+yyl/+RYzJ7C8+cTsC35B5gUDIBV4PjNV+oIXjJ7KkZaBP61mKjvkQ439NZob  
LUMdb4UuMInDJ4k3MKrZfQ1gw4pSFOG+62ve/XyS8vc/DSFF63T5y7HMSLGHvM8w  
kfxPKfoWkfc=yYPd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-9080-01

Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:9081-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9081  
Issue date:        2022-12-15  
CVE Names:         CVE-2022-45414 CVE-2022-46872 CVE-2022-46874  
                   CVE-2022-46878 CVE-2022-46880 CVE-2022-46881  
                   CVE-2022-46882  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.6.0.

Security Fix(es):

* Mozilla: Arbitrary file read from a compromised content process  
(CVE-2022-46872)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird  
102.6 (CVE-2022-46878)

* Mozilla: Use-after-free in WebGL (CVE-2022-46880)

* Mozilla: Memory corruption in WebGL (CVE-2022-46881)

* Mozilla: Quoting from an HTML email with certain tags will trigger  
network requests and load remote content, regardless of a configuration to  
block remote content (CVE-2022-45414)

* Mozilla: Drag and Dropped Filenames could have been truncated to  
malicious extensions (CVE-2022-46874)

* Mozilla: Use-after-free in WebGL (CVE-2022-46882)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2149868 - CVE-2022-45414 Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content  
2153441 - CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process  
2153449 - CVE-2022-46874 Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions  
2153454 - CVE-2022-46878 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6  
2153463 - CVE-2022-46880 Mozilla: Use-after-free in WebGL  
2153466 - CVE-2022-46881 Mozilla: Memory corruption in WebGL  
2153467 - CVE-2022-46882 Mozilla: Use-after-free in WebGL

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.6.0-2.el9_0.src.rpm

aarch64:  
thunderbird-102.6.0-2.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.6.0-2.el9_0.aarch64.rpm  
thunderbird-debugsource-102.6.0-2.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.6.0-2.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.6.0-2.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.6.0-2.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.6.0-2.el9_0.s390x.rpm  
thunderbird-debuginfo-102.6.0-2.el9_0.s390x.rpm  
thunderbird-debugsource-102.6.0-2.el9_0.s390x.rpm

x86_64:  
thunderbird-102.6.0-2.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.6.0-2.el9_0.x86_64.rpm  
thunderbird-debugsource-102.6.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45414  
https://access.redhat.com/security/cve/CVE-2022-46872  
https://access.redhat.com/security/cve/CVE-2022-46874  
https://access.redhat.com/security/cve/CVE-2022-46878  
https://access.redhat.com/security/cve/CVE-2022-46880  
https://access.redhat.com/security/cve/CVE-2022-46881  
https://access.redhat.com/security/cve/CVE-2022-46882  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5uhAdzjgjWX9erEAQg0uw/9HAALRonHR1rsINt2+P6+hoLsUvVr4fW8  
KrhaGp0YpQN+W/fopVU2nE3X43XAdD3+aMzjjygeRLDuofPe/truSBFU5BVujkbb  
p9u2QOcfuWxeRTFiVl2NDupiFLDC1oMpd4DRJaVJjXrRGaqmL5jZQUpThdFa78wh  
deNN0ec7Z2IU01e8ZnpPG83hAvbznsaXwqg/Qywsg7cSQc8ELHKfkHj/S8QBQpD7  
++8uNNDD/2HeuyjPA5ZniRTcxrYF4Q2xEy43EtPAVTT6ytT+/FBYS/yAYuvCmBaQ  
RHaafNRspIVaLeP39RKI3paKPuRdSX9TMPOfsPZR1kRPVDYmOf3Rz1ncWgBk7DGo  
wD6wwO7BkveAQBRKg3Cxn4ngyFqkvf201NlbdAdMPnPWcbjFZhDUC/ui3Ls9dRoi  
9/4m1wVfO6TtrOremSI1xzbeij97QCqU/yDcQZMpILANGy6QAu+0tE4OOZd6KxVz  
wltVzDJeLR+PzozF4yANlxMJOoKqLVyG65jyRclOxkhoosZ/v2JeFfqZqSI/vc/b  
RJvPJTsqo35A9qLlplNPIejT96E8GGcs/0C/I6c8ypX35rTuFUCWIFHAG6x6+f2B  
ONLKcxu+iVYyzvKYv03i/X1SrodqaC5/7P3CGDdBgc42mzrYf6irEYfGd06I4IpD  
TYhzmx2b2x0Þe/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm