Red Hat Security Advisory 2022-7811-01 - Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. Issues addressed include code execution and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: mingw-expat security update  
Advisory ID:       RHSA-2022:7811-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7811  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-23990 CVE-2022-25235 CVE-2022-25236  
                   CVE-2022-25313 CVE-2022-25314 CVE-2022-25315  
====================================================================  
1. Summary:

An update for mingw-expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - noarch

3. Description:

Expat is a C library for parsing XML documents. The mingw-expat packages  
provide a port of the Expat library for MinGW.

The following packages have been upgraded to a later upstream version:  
mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)

Security Fix(es):

* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code  
execution (CVE-2022-25235)

* expat: Namespace-separator characters in "xmlns[:prefix]" attribute  
values can lead to arbitrary code execution (CVE-2022-25236)

* expat: Integer overflow in storeRawNames() (CVE-2022-25315)

* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)

* expat: Integer overflow in copyString() (CVE-2022-25314)

* expat: Integer overflow in the doProlog function (CVE-2022-23990)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function  
2056350 - CVE-2022-25313 expat: Stack exhaustion in doctype parsing  
2056354 - CVE-2022-25314 expat: Integer overflow in copyString()  
2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()  
2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution  
2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

6. Package List:

Red Hat CodeReady Linux Builder (v. 8):

Source:  
mingw-expat-2.4.8-1.el8.src.rpm

noarch:  
mingw32-expat-2.4.8-1.el8.noarch.rpm  
mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm  
mingw64-expat-2.4.8-1.el8.noarch.rpm  
mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23990  
https://access.redhat.com/security/cve/CVE-2022-25235  
https://access.redhat.com/security/cve/CVE-2022-25236  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-25315  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz  
lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO  
lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct  
Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg  
D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4  
9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9  
ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M  
4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ  
sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF  
8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX  
ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i  
f25ydDFruA4=jL/2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7811-01

Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-7822-01

Red Hat Security Advisory 2022-7720-01 - The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: e2fsprogs security and bug fix update  
Advisory ID:       RHSA-2022:7720-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7720  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-1304  
====================================================================  
1. Summary:

An update for e2fsprogs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The e2fsprogs packages provide a number of utilities for creating,  
checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

Security Fix(es):

* e2fsprogs: out-of-bounds read/write via crafted filesystem  
(CVE-2022-1304)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2069726 - CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem  
2083621 - e2fsprogs: Update for RHEL8.7

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
e2fsprogs-1.45.6-5.el8.src.rpm

aarch64:  
e2fsprogs-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-devel-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-1.45.6-5.el8.aarch64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-devel-1.45.6-5.el8.aarch64.rpm  
libss-1.45.6-5.el8.aarch64.rpm  
libss-debuginfo-1.45.6-5.el8.aarch64.rpm

ppc64le:  
e2fsprogs-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-devel-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-1.45.6-5.el8.ppc64le.rpm  
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-devel-1.45.6-5.el8.ppc64le.rpm  
libss-1.45.6-5.el8.ppc64le.rpm  
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm

s390x:  
e2fsprogs-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm  
e2fsprogs-devel-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-1.45.6-5.el8.s390x.rpm  
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-devel-1.45.6-5.el8.s390x.rpm  
libss-1.45.6-5.el8.s390x.rpm  
libss-debuginfo-1.45.6-5.el8.s390x.rpm

x86_64:  
e2fsprogs-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-devel-1.45.6-5.el8.i686.rpm  
e2fsprogs-devel-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-1.45.6-5.el8.i686.rpm  
libcom_err-1.45.6-5.el8.x86_64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm  
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-devel-1.45.6-5.el8.i686.rpm  
libcom_err-devel-1.45.6-5.el8.x86_64.rpm  
libss-1.45.6-5.el8.i686.rpm  
libss-1.45.6-5.el8.x86_64.rpm  
libss-debuginfo-1.45.6-5.el8.i686.rpm  
libss-debuginfo-1.45.6-5.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
e2fsprogs-debuginfo-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.aarch64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.aarch64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.aarch64.rpm  
libss-debuginfo-1.45.6-5.el8.aarch64.rpm  
libss-devel-1.45.6-5.el8.aarch64.rpm

ppc64le:  
e2fsprogs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.ppc64le.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libcom_err-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libss-debuginfo-1.45.6-5.el8.ppc64le.rpm  
libss-devel-1.45.6-5.el8.ppc64le.rpm

s390x:  
e2fsprogs-debuginfo-1.45.6-5.el8.s390x.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.s390x.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.s390x.rpm  
libcom_err-debuginfo-1.45.6-5.el8.s390x.rpm  
libss-debuginfo-1.45.6-5.el8.s390x.rpm  
libss-devel-1.45.6-5.el8.s390x.rpm

x86_64:  
e2fsprogs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-debuginfo-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.i686.rpm  
e2fsprogs-debugsource-1.45.6-5.el8.x86_64.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.i686.rpm  
e2fsprogs-libs-debuginfo-1.45.6-5.el8.x86_64.rpm  
libcom_err-debuginfo-1.45.6-5.el8.i686.rpm  
libcom_err-debuginfo-1.45.6-5.el8.x86_64.rpm  
libss-debuginfo-1.45.6-5.el8.i686.rpm  
libss-debuginfo-1.45.6-5.el8.x86_64.rpm  
libss-devel-1.45.6-5.el8.i686.rpm  
libss-devel-1.45.6-5.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pR0NzjgjWX9erEAQhITRAAnFoWBpSbcI2BzXr/x3+LnUzzJyis1MyZ  
riZGIfQBlqO0c67WDLJjSZp0BVu9o+u0yv4nlrohif2s+zntt7vrOg5TkFXkVWY3  
i2ZlcGs9u0hEwBlO6QlSB8Tkk0ky61MgLqjVetcT/y2GAmnooRYUnqs5E+b8elt8  
f9nBJRmQRciRCOYegJPiOxpq9rtKQkFxU4c0M5x42B4aDqmfd2iGuBcMZDcBHKNe  
q2mTgZ7al0VqHT+rDjKddyzyF4e/r70wiDAhYs3DDKiH0ievDtEm4edgWXcxuXrO  
p6wxrSZi5eqK4jE86QJ+DC+wzTyrY5b8JWI6DC4atJk8PfhxRhHAXPTa8LPTMvVm  
N9Vcxx3wbHqrbyAYhkXtyyIWLJNhv79KEYhGLY33blxL2Vb/GcMQs5fiYdVF1PNT  
aH1NikPBlEjcpSMdKyaVN6wWJYAAJEmGqU4bh9zisJ5czIJQWQH9/clS3i7njBZT  
ZZnRy9grj0kNdVgnCTcBkXXPT7Rp/geHGNV9FPJa3Gppj6bAdMEpJQItGebBMZ6X  
mmWDV8eqwjQkTKD/BU+x9J93WIWrEIBk21hqYofiNXjnoqL6ktiGhJaViq3b1nTq  
JmxWdlTOqd7O5kAuU7mDxSxa52cTr7Jv2PcqhMNcCxyWgR/wQiE7SG7zYVyF1FBq  
V9IPXHt4rKc=htvR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7720-01

Red Hat Security Advisory 2022-7514-01 - FriBidi is a library to handle bidirectional scripts, so that the display is done in the proper way, while the text data itself is always written in logical order. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: fribidi security update  
Advisory ID:       RHSA-2022:7514-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7514  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-25308 CVE-2022-25309 CVE-2022-25310  
====================================================================  
1. Summary:

An update for fribidi is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FriBidi is a library to handle bidirectional scripts (for example Hebrew,  
Arabic), so that the display is done in the proper way, while the text data  
itself is always written in logical order.

Security Fix(es):

* fribidi: Stack based buffer overflow (CVE-2022-25308)

* fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode  
(CVE-2022-25309)

* fribidi: SEGV in fribidi_remove_bidi_marks (CVE-2022-25310)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2047890 - CVE-2022-25308 fribidi: Stack based buffer overflow  
2047896 - CVE-2022-25309 fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode  
2047923 - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
fribidi-1.0.4-9.el8.src.rpm

aarch64:  
fribidi-1.0.4-9.el8.aarch64.rpm  
fribidi-debuginfo-1.0.4-9.el8.aarch64.rpm  
fribidi-debugsource-1.0.4-9.el8.aarch64.rpm  
fribidi-devel-1.0.4-9.el8.aarch64.rpm

ppc64le:  
fribidi-1.0.4-9.el8.ppc64le.rpm  
fribidi-debuginfo-1.0.4-9.el8.ppc64le.rpm  
fribidi-debugsource-1.0.4-9.el8.ppc64le.rpm  
fribidi-devel-1.0.4-9.el8.ppc64le.rpm

s390x:  
fribidi-1.0.4-9.el8.s390x.rpm  
fribidi-debuginfo-1.0.4-9.el8.s390x.rpm  
fribidi-debugsource-1.0.4-9.el8.s390x.rpm  
fribidi-devel-1.0.4-9.el8.s390x.rpm

x86_64:  
fribidi-1.0.4-9.el8.i686.rpm  
fribidi-1.0.4-9.el8.x86_64.rpm  
fribidi-debuginfo-1.0.4-9.el8.i686.rpm  
fribidi-debuginfo-1.0.4-9.el8.x86_64.rpm  
fribidi-debugsource-1.0.4-9.el8.i686.rpm  
fribidi-debugsource-1.0.4-9.el8.x86_64.rpm  
fribidi-devel-1.0.4-9.el8.i686.rpm  
fribidi-devel-1.0.4-9.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25308  
https://access.redhat.com/security/cve/CVE-2022-25309  
https://access.redhat.com/security/cve/CVE-2022-25310  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSl9zjgjWX9erEAQjiCQ//c3fOFXaSK86vN6LQtZQDtRb4lY3e8LA/  
YuAXQrtQzoaXiPGgYv/NBgKdngKAAKdj+NCMZMweNor7s6O5oi6n+YhC8FI0imz+  
enbnrhsbRcOHXq9F1bD7t6mg0/91vbH+risyqJ7A5mG3LH7ZqCs2PJ7WErGCCU5A  
N/PDESAIr80F5+oW2poS++sWbUhzYht4cGSRP1haPAVKCb1r7RSk9o2HXSaYkdRQ  
EBLeuxmBW5Zb/VxWdCdWhCyz/bWjAEHkLdTjBYvSq97kZyH0OIWPhJptg5Sg3afI  
U8VQQjE80F/uMpNAZOej7TawV+JmpPrNkOTcmVw3G6BeggMGNmz8gTKZ7TbnAZxl  
XWq4VYUHHAuKZi4WQ8e9E8P8GSa1+aDSCmRk2D/UJy+TboVEmhW9hyYOvy0NZq34  
idsr81JdwHx2NxhkBpu6tNA4pONgmPUs8O117tO0+gaxw0TgkquQh760mRqyUf4i  
I+1PPEWfBFMYLGc7wyMGNZXatBTJsvUiIxgZHFf2uZivbf7s5qe6RiR0fLKc0DC3  
MFAmaeO6QinyZ0LHlPBcjySXzGQsfJfWAkrFYHCFC1luGz8dUgki9xLOu2nE21aB  
1QwsE8g4AWRPPl+afFB1/GCT5/mYuSqJx+tY+zXFNuTJWlp6a+SgR2LSYvOeZTen  
ANw5l8k4X3wsn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7514-01

Red Hat Security Advisory 2022-7643-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include denial of service and memory leak vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bind9.16 security update  
Advisory ID:       RHSA-2022:7643-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7643  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-25220 CVE-2022-0396  
====================================================================  
1. Summary:

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)

* bind: DoS from specifically crafted TCP packets (CVE-2022-0396)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability  
2064513 - CVE-2022-0396 bind: DoS from specifically crafted TCP packets  
2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
bind9.16-9.16.23-0.9.el8.1.src.rpm

aarch64:  
bind9.16-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm

noarch:  
bind9.16-license-9.16.23-0.9.el8.1.noarch.rpm

ppc64le:  
bind9.16-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm

s390x:  
bind9.16-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm

x86_64:  
bind9.16-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-chroot-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.aarch64.rpm

noarch:  
bind9.16-doc-9.16.23-0.9.el8.1.noarch.rpm  
python3-bind9.16-9.16.23-0.9.el8.1.noarch.rpm

ppc64le:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.ppc64le.rpm

s390x:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.s390x.rpm

x86_64:  
bind9.16-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-debugsource-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-devel-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.i686.rpm  
bind9.16-utils-debuginfo-9.16.23-0.9.el8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-25220  
https://access.redhat.com/security/cve/CVE-2022-0396  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSW9zjgjWX9erEAQhIyw//SGCFyvcxj0U6yn2bbf0O2/C9simPnh9g  
11SwSlmRGAfEAcVbaczaAUd9Z74ap5lEDdUSagxBdV9HA6OWoTPRYkcikvn4JDK2  
27Kl1/yjsEEdRGpjCd3TjTBsRO/2YsQJwCzpf9iwnD5RJKlX9hty7EIwxRQR9EnY  
SVlaPmUDcXgSfcJ+6SaUahPRkzvZ0tya30oBuqNgAl6UExAiQ+hUN3K7J8by3ZQw  
ZMovwQ3CTyN0y8YJubuTswVyLcNDtQVMk8Hu6EHvdlhc0ZUgH9tXcxGakyA5uF0Q  
7IvKDnGxnVEDBUdSTZp06iX+nhM8RawWJfa95Z1V9nKkOIAA3ALFBWdC8VT+X2RJ  
+GRLIqSVu5lGteA38+G29T8NPHEXWPEzQfuf54Wy9JPWetKHk1o2iCgbLiX4D8gu  
YMylIk0m/CdfkAjDGn2msG+gnCDMLPgyTunYK0enflWGJvaTN3BmSA84/fAci36M  
f+DROFugmjD+meGmDcNxyw72/UB3dARuUJjtlHaym4DIv8O/LuSVo4XgspBLtIJT  
Kh3qDsXzKE2WvkLseynI87E/7C0aWLacDmzf2m4QiTu+4r/tesRxv0oJfcD7c1aF  
DdLGHtWtjuQqu2Yr3xG0IhJiPYdKpB8R5L2p8Lyl2CX26ppgds0m6qUAQGmbz4gX  
1ORsy/EWei0=pWJB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7643-01

Red Hat Security Advisory 2022-7458-01 - Flatpak-builder is a tool for building flatpaks from sources.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: flatpak-builder security and bug fix update  
Advisory ID:       RHSA-2022:7458-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7458  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-21682  
====================================================================  
1. Summary:

An update for flatpak-builder is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Flatpak-builder is a tool for building flatpaks from sources.

Security Fix(es):

* flatpak: flatpak-builder --mirror-screenshots-url can access files  
outside the build directory (CVE-2022-21682)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2041592 - CVE-2022-21682 flatpak: flatpak-builder --mirror-screenshots-url can access files outside the build directory  
2047312 - Update flatpak-builder to 1.0.14

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
flatpak-builder-1.0.14-2.el8.src.rpm

aarch64:  
flatpak-builder-1.0.14-2.el8.aarch64.rpm  
flatpak-builder-debuginfo-1.0.14-2.el8.aarch64.rpm  
flatpak-builder-debugsource-1.0.14-2.el8.aarch64.rpm

ppc64le:  
flatpak-builder-1.0.14-2.el8.ppc64le.rpm  
flatpak-builder-debuginfo-1.0.14-2.el8.ppc64le.rpm  
flatpak-builder-debugsource-1.0.14-2.el8.ppc64le.rpm

s390x:  
flatpak-builder-1.0.14-2.el8.s390x.rpm  
flatpak-builder-debuginfo-1.0.14-2.el8.s390x.rpm  
flatpak-builder-debugsource-1.0.14-2.el8.s390x.rpm

x86_64:  
flatpak-builder-1.0.14-2.el8.x86_64.rpm  
flatpak-builder-debuginfo-1.0.14-2.el8.x86_64.rpm  
flatpak-builder-debugsource-1.0.14-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21682  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSqNzjgjWX9erEAQjQlxAAjusjcuaudtoVemTFAaTYBrdir2ZQBUFt  
tv5kw9b8dN7PdGZB8J9HO6hDzx1EJfSZCCbp2Jy8LEiERLuGqn9djmOK004UE0Rj  
q8n9TRWAXSHFgDjjOs9t4v4swUGPG020+szRJGPw5C7T1+CicfL2vP2cxkWTA9Ym  
IYQ9IsEiDzjla8Jy3DvzHY/utOh8iFdyv+qN6k2wed3yYety0I2NlQ8e9rDj9K/c  
2+9jj84wHu+Mp02HEUoQ1ui5NkF3U8uzW3lNQVNKxD7XuOm3t5kdHqxeY8LhwIQC  
lJpWANB5jFq4EwIOPAL03Ib+oZa+4Qn24Gj7z0y3F2lEJl/kehs5/e6w13YLXKZC  
7lFuMdQInjssjKML0s8SJLSxRDn+/C2CIKOCc/zE970XW9DlHQ3bZUZZZeA3K/fR  
zJAIEQAxAIMDoNohrvezEzKx3aGGdCzcnj1GgElmnNzOdjQLlh+vt2RZGuJobO4W  
1In7fCF7QJavjFJaSlZ7N6J8uzXfqs4Erhy5P53kc0Irl4dM8aQFBm16B7co8hgw  
nqCa3tDnZm1vJY840VgfimaLpbj0WogLTanZYU2ZfKGn8D9aO1DLhtVsHXSxxPkJ  
x+BSboC1tE5lFOB0/3CTygrvErGRf1je0fqVdHneeyJkV1b/9EoefLwqogQzl+hf  
Wh6XxShteP8=vNug  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7458-01

Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2022-7529-01

Red Hat Security Advisory 2022-7647-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include buffer overflow, denial of service, information leakage, and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: httpd:2.4 security update  
Advisory ID:       RHSA-2022:7647-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7647  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-22719 CVE-2022-22721 CVE-2022-23943  
                   CVE-2022-26377 CVE-2022-28614 CVE-2022-28615  
                   CVE-2022-29404 CVE-2022-30522 CVE-2022-30556  
                   CVE-2022-31813  
====================================================================  
1. Summary:

An update for the httpd:2.4 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient,  
and extensible web server.

Security Fix(es):

* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)

* httpd: mod_lua: Use of uninitialized value of in r:parsebody  
(CVE-2022-22719)

* httpd: core: Possible buffer overflow with very large or unlimited  
LimitXMLRequestBody (CVE-2022-22721)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)

* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism  
(CVE-2022-31813)

* httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)

* httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds  
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody  
2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody  
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling  
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()  
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()  
2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody  
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability  
2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets  
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.src.rpm  
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm

aarch64:  
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
httpd-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
httpd-debugsource-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
httpd-devel-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
httpd-tools-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm  
mod_ldap-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm  
mod_proxy_html-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_session-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_session-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_ssl-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm  
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.aarch64.rpm

noarch:  
httpd-filesystem-2.4.37-51.module+el8.7.0+16050+02173b8e.noarch.rpm  
httpd-manual-2.4.37-51.module+el8.7.0+16050+02173b8e.noarch.rpm

ppc64le:  
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
httpd-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
httpd-debugsource-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
httpd-devel-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
httpd-tools-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm  
mod_ldap-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm  
mod_proxy_html-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_session-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_session-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_ssl-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm  
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.ppc64le.rpm

s390x:  
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
httpd-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
httpd-debugsource-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
httpd-devel-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
httpd-tools-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm  
mod_ldap-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm  
mod_proxy_html-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_session-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_session-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_ssl-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm  
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.s390x.rpm

x86_64:  
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
httpd-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
httpd-debugsource-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
httpd-devel-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
httpd-tools-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm  
mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm  
mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm  
mod_ldap-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm  
mod_proxy_html-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_session-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_session-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_ssl-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm  
mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-22719  
https://access.redhat.com/security/cve/CVE-2022-22721  
https://access.redhat.com/security/cve/CVE-2022-23943  
https://access.redhat.com/security/cve/CVE-2022-26377  
https://access.redhat.com/security/cve/CVE-2022-28614  
https://access.redhat.com/security/cve/CVE-2022-28615  
https://access.redhat.com/security/cve/CVE-2022-29404  
https://access.redhat.com/security/cve/CVE-2022-30522  
https://access.redhat.com/security/cve/CVE-2022-30556  
https://access.redhat.com/security/cve/CVE-2022-31813  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSVdzjgjWX9erEAQjeQQ/9HLdj+CQQi/1gKtbOj+m9kscI7Mqeb/7S  
7N/UEFvrH/HI5SEcL8QIIvE/OweXHJHK6/njUOOTdO4fHjWJ9ZxbMCxCBMdqQhrn  
YHPB//XGIHy0Myo5+iXcOdpKiIlZTubrNTXglyriKf7UJTWKtYb71t5xwLQV9U5T  
2zbGrGpkVwU20N3Oy4mHHQs7nvuqb21waxwpr54gIVzMkfQnYc5d9rLYwsrddZEi  
dPeqH2AVHAU7TvwNPjKrZudC2X0k3p4r/sYu3Tksp7C2Qo10/x7ekcFYEqZfhYcK  
xsyEq0qqVYM1v7SC8MTCmFp9nx1zuHzAcH3r2kXwtG3dSXiHmA3/HYen8k8qFM8L  
fX/XH9lVckvpruoGi4I5bsS0plO1IuOz70MFVh+ImgtrCzvDH/tNxHA/0tKlDDao  
lvIg9KOKlH/y/J1SofUP26Pfcyhwo4gZdjOYCghsWtLIWEYgcawZn3ooPM//xA5w  
Lb5/cSDlmEv6MnG8tbJ9IGsG9W15/A9Jqoyx+TEXyXRpBjqT9/ElvA88UA8uciKJ  
ZoHYmhJgn9C5dxnmweuCvXS+CnJaK8qgQ5lJy6OjeLgP2b7AB73TqEcuIJm2izvX  
wbJYUElIU9QDHihmK8c3qjiW4Kr0Bz5H56U6in6DKLuAKXqH2NpdHFOihDOg7Uzv  
muAF//BBtP4=x6q/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7647-01

Red Hat Security Advisory 2022-7622-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: unbound security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:7622-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7622  
Issue date:        2022-11-08  
CVE Names:         CVE-2022-30698 CVE-2022-30699  
====================================================================  
1. Summary:

An update for unbound is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The unbound packages provide a validating, recursive, and caching DNS or  
DNSSEC resolver.

The following packages have been upgraded to a later upstream version:  
unbound (1.16.2). (BZ#2027735)

Security Fix(es):

* unbound: the novel ghost domain where malicious users to trigger  
continued resolvability of malicious domain names (CVE-2022-30698)

* unbound: novel ghost domain attack where malicious users to trigger  
continued resolvability of malicious domain names (CVE-2022-30699)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1959468 - unbound-keygen needs to be stoped  
2018806 - unbound-keygen requires openssl [rhel8]  
2023549 - unbound support for RFC 8767  
2027735 - [RFE] Rebase unbound to latest stable release  
2038251 - AVC denials recorded for fsetid while running unbound with local socket, though it (unbound-control) still works!  
2081958 - chroot functionality isn't available in unbound-1.7.3 in RHEL8  
2116725 - CVE-2022-30698 unbound:  the novel ghost domain where malicious users to trigger continued resolvability of malicious domain names  
2116729 - CVE-2022-30699 unbound: novel ghost domain attack where malicious users to trigger continued resolvability of malicious domain names

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
unbound-1.16.2-2.el8.src.rpm

aarch64:  
python3-unbound-1.16.2-2.el8.aarch64.rpm  
python3-unbound-debuginfo-1.16.2-2.el8.aarch64.rpm  
unbound-1.16.2-2.el8.aarch64.rpm  
unbound-debuginfo-1.16.2-2.el8.aarch64.rpm  
unbound-debugsource-1.16.2-2.el8.aarch64.rpm  
unbound-devel-1.16.2-2.el8.aarch64.rpm  
unbound-libs-1.16.2-2.el8.aarch64.rpm  
unbound-libs-debuginfo-1.16.2-2.el8.aarch64.rpm

ppc64le:  
python3-unbound-1.16.2-2.el8.ppc64le.rpm  
python3-unbound-debuginfo-1.16.2-2.el8.ppc64le.rpm  
unbound-1.16.2-2.el8.ppc64le.rpm  
unbound-debuginfo-1.16.2-2.el8.ppc64le.rpm  
unbound-debugsource-1.16.2-2.el8.ppc64le.rpm  
unbound-devel-1.16.2-2.el8.ppc64le.rpm  
unbound-libs-1.16.2-2.el8.ppc64le.rpm  
unbound-libs-debuginfo-1.16.2-2.el8.ppc64le.rpm

s390x:  
python3-unbound-1.16.2-2.el8.s390x.rpm  
python3-unbound-debuginfo-1.16.2-2.el8.s390x.rpm  
unbound-1.16.2-2.el8.s390x.rpm  
unbound-debuginfo-1.16.2-2.el8.s390x.rpm  
unbound-debugsource-1.16.2-2.el8.s390x.rpm  
unbound-devel-1.16.2-2.el8.s390x.rpm  
unbound-libs-1.16.2-2.el8.s390x.rpm  
unbound-libs-debuginfo-1.16.2-2.el8.s390x.rpm

x86_64:  
python3-unbound-1.16.2-2.el8.x86_64.rpm  
python3-unbound-debuginfo-1.16.2-2.el8.i686.rpm  
python3-unbound-debuginfo-1.16.2-2.el8.x86_64.rpm  
unbound-1.16.2-2.el8.x86_64.rpm  
unbound-debuginfo-1.16.2-2.el8.i686.rpm  
unbound-debuginfo-1.16.2-2.el8.x86_64.rpm  
unbound-debugsource-1.16.2-2.el8.i686.rpm  
unbound-debugsource-1.16.2-2.el8.x86_64.rpm  
unbound-devel-1.16.2-2.el8.i686.rpm  
unbound-devel-1.16.2-2.el8.x86_64.rpm  
unbound-libs-1.16.2-2.el8.i686.rpm  
unbound-libs-1.16.2-2.el8.x86_64.rpm  
unbound-libs-debuginfo-1.16.2-2.el8.i686.rpm  
unbound-libs-debuginfo-1.16.2-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-30698  
https://access.redhat.com/security/cve/CVE-2022-30699  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSaNzjgjWX9erEAQi/Kg//YDJsezVsDdYsWXoPhm77vguQm1WZk6ly  
jihpm448rb3CVGF+BFNgzblnsppGiqwKniIqqrBdLGlNrdIdfwBNaQuUJWkczy9m  
7SgE2ar8nhBjTDdOfHjXpsydqvNQGOlzFrmi7uprMK2o1K+ykbBB0I0vCThlUGLo  
SyKFN4FiQV46e5E+QuRdvnqGIbsj0xFTRVJJLQAsAJSKM1WNGK1wDJAobzwyHoYs  
1WvoI9XxkB49a7VxhjjbBZF60BuFOydppCmQg/Z++EC7L9uH4rO4vpizxwYvUtjO  
iu7w0sDkNIO0rwaZ5g4SkqYqhsh5sO0sygowkkgq/IXjrInZMJ8HrxtFOHBNMwI/  
nJkJ7yRpqhrnvcYeOj0e8NEMfozLqEyxC9G1yIjIkpyMwtDjk2B+hj5Hdpwnrwct  
Num7OVDhpGX0bcyQ2+IdRzrXPMvnQLIOPuTbSCx0liZY6a46JQb76GPCysj2S3GW  
if9IaGmnnT6j4+wgLkdb1GSjUHn5EcyDb/pNmlos0Ph2F1fS/jEqcvNZcQbf4NSU  
cJsvj6G+Bb4tM+pUHakIgCwHYldkxp0NeUcZL4b8qLIcz78PLFm8wKdtAk7wnOsX  
tvP8CHZHQnKqnxIr8/aiyHs7jhdsw5gXX4wAtk4J/5li4sACXWhhEoB286rbixa5  
md+30gjiIog=xuvM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7622-01

Red Hat Security Advisory 2022-7639-01 - OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version. Issues addressed include an out of bounds read vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openblas security update  
Advisory ID:       RHSA-2022:7639-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7639  
Issue date:        2022-11-08  
CVE Names:         CVE-2021-4048  
====================================================================  
1. Summary:

An update for openblas is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version.

Security Fix(es):

* lapack: Out-of-bounds read in *larrv (CVE-2021-4048)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2024358 - CVE-2021-4048 lapack: Out-of-bounds read in *larrv

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
openblas-0.3.15-4.el8.src.rpm

aarch64:  
openblas-0.3.15-4.el8.aarch64.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-debugsource-0.3.15-4.el8.aarch64.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-threads-0.3.15-4.el8.aarch64.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.aarch64.rpm

ppc64le:  
openblas-0.3.15-4.el8.ppc64le.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-debugsource-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-threads-0.3.15-4.el8.ppc64le.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.ppc64le.rpm

s390x:  
openblas-0.3.15-4.el8.s390x.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-debugsource-0.3.15-4.el8.s390x.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-threads-0.3.15-4.el8.s390x.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.s390x.rpm

x86_64:  
openblas-0.3.15-4.el8.i686.rpm  
openblas-0.3.15-4.el8.x86_64.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-debugsource-0.3.15-4.el8.i686.rpm  
openblas-debugsource-0.3.15-4.el8.x86_64.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-threads-0.3.15-4.el8.i686.rpm  
openblas-threads-0.3.15-4.el8.x86_64.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
openblas-Rblas-0.3.15-4.el8.aarch64.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-debugsource-0.3.15-4.el8.aarch64.rpm  
openblas-devel-0.3.15-4.el8.aarch64.rpm  
openblas-openmp-0.3.15-4.el8.aarch64.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64_-0.3.15-4.el8.aarch64.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-serial64-0.3.15-4.el8.aarch64.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-serial64_-0.3.15-4.el8.aarch64.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-static-0.3.15-4.el8.aarch64.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-threads64-0.3.15-4.el8.aarch64.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.aarch64.rpm  
openblas-threads64_-0.3.15-4.el8.aarch64.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.aarch64.rpm

ppc64le:  
openblas-Rblas-0.3.15-4.el8.ppc64le.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-debugsource-0.3.15-4.el8.ppc64le.rpm  
openblas-devel-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64_-0.3.15-4.el8.ppc64le.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64_-0.3.15-4.el8.ppc64le.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-static-0.3.15-4.el8.ppc64le.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64_-0.3.15-4.el8.ppc64le.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.ppc64le.rpm

s390x:  
openblas-Rblas-0.3.15-4.el8.s390x.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-debugsource-0.3.15-4.el8.s390x.rpm  
openblas-devel-0.3.15-4.el8.s390x.rpm  
openblas-openmp-0.3.15-4.el8.s390x.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-openmp64-0.3.15-4.el8.s390x.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-openmp64_-0.3.15-4.el8.s390x.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-serial64-0.3.15-4.el8.s390x.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-serial64_-0.3.15-4.el8.s390x.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-static-0.3.15-4.el8.s390x.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-threads64-0.3.15-4.el8.s390x.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.s390x.rpm  
openblas-threads64_-0.3.15-4.el8.s390x.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.s390x.rpm

x86_64:  
openblas-Rblas-0.3.15-4.el8.x86_64.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-Rblas-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-debugsource-0.3.15-4.el8.i686.rpm  
openblas-debugsource-0.3.15-4.el8.x86_64.rpm  
openblas-devel-0.3.15-4.el8.i686.rpm  
openblas-devel-0.3.15-4.el8.x86_64.rpm  
openblas-openmp-0.3.15-4.el8.i686.rpm  
openblas-openmp-0.3.15-4.el8.x86_64.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-openmp-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64_-0.3.15-4.el8.x86_64.rpm  
openblas-openmp64_-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-serial64-0.3.15-4.el8.x86_64.rpm  
openblas-serial64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-serial64_-0.3.15-4.el8.x86_64.rpm  
openblas-serial64_-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-static-0.3.15-4.el8.i686.rpm  
openblas-static-0.3.15-4.el8.x86_64.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.i686.rpm  
openblas-threads-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-threads64-0.3.15-4.el8.x86_64.rpm  
openblas-threads64-debuginfo-0.3.15-4.el8.x86_64.rpm  
openblas-threads64_-0.3.15-4.el8.x86_64.rpm  
openblas-threads64_-debuginfo-0.3.15-4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4048  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY2pSKtzjgjWX9erEAQgiMhAAl4JqXY+OnFt0obGf6iXR2CYomEML5OfF  
WjzkLX++0G5wk19eJZcM3Vn4zdW3RO9g0QIL3k8J7xfdykXHA0S9L7SVbnzNAt4k  
YUo3V9plKxz5qNejv5uttVauSr9J6e+j36upEplKzdcydp4tjly9Re1QTztWuDUb  
pPlFmt+1SEgNvS0mxwlTK4s6ZmOO6e/mv3h0E724uI4DBJhdIT6HjdYg8StYa+g/  
d2d3xzt+ejOHiE3hTkoxg4dRu0WMGU8DTd4ZK0cC3WkM1Uc4IOIU1FHF2gzSeH7y  
Kgczo8OIoO6RBSi855meB834510Kx9R99h2l7nhWW/JgMrPu3pU/BIOyMXPgElv4  
x5GanoLYUi06t4NBRvRSgPzjvFDXep7jk6uXddwiVvynBFwzO9PDLZ6wdlniCpMU  
CTmTupjxEmV+wHjA+9jKnyaJapjuFIBoBTqQUK6UeZe9QJ/GbX7HeFgVaaxYjRWe  
FvskdBD+yfukz8bx5ixDuYMXvvcuNxJ9WXj6QGjobEL3/NIzO6QaQIOo9Vy3/1C1  
+Q/p4TRVwuaBembRiGnYeR06kcuka+I6ezrqQNj2JH++k1+3s5gHUHyChaxZ7+bs  
Q3UQqbea3aMelxNg0a276+p7NY0bk7ukDsOT6vE+s91Vhm8NMz5jwQuofIoj6T9S  
Csv5Xhsyfy4=xEEC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm