Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Wireshark Analyzer 4.0.0

Ubuntu Security Notice 5656-1 - Joseph Yasi discovered that JACK incorrectly handled the closing of a socket in certain conditions. An attacker could potentially use this issue to cause a crash.

    ==========================================================================Ubuntu Security Notice USN-5656-1October 04, 2022jackd2 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:JACK could cause a crash in certain conditions.Software Description:- jackd2: JACK Audio Connection Kit (server and example clients)Details:Joseph Yasi discovered that JACK incorrectly handled the closing of a socket in certain conditions. An attacker could potentially use this issue to cause a crash.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   jackd2 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1   jackd2-firewire 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1   libjack-jackd2-0 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5656-1   CVE-2019-13351

Ubuntu Security Notice USN-5656-1

Red Hat Security Advisory 2022-6782-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 7  
Advisory ID:       RHSA-2022:6782-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6782  
Issue date:        2022-10-04  
CVE Names:         CVE-2020-36518 CVE-2021-42392 CVE-2021-43797  
                   CVE-2022-0084 CVE-2022-0225 CVE-2022-0866  
                   CVE-2022-2256 CVE-2022-2668  
====================================================================  
1. Summary:

New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.5 for RHEL 7 Server - noarch

3. Description:

Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a  
replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and  
enhancements, which are documented in the Release Notes document linked to  
in the References.

Security Fix(es):

* jackson-databind: denial of service via a large depth of nested objects  
(CVE-2020-36518)

* wildfly: Wildfly management of EJB Session context returns wrong caller  
principal with Elytron Security enabled (CVE-2022-0866)

* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of  
stderr (CVE-2022-0084)

* netty: control chars in header names may lead to HTTP request smuggling  
(CVE-2021-43797)

* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol  
mapper scripts through the admin (CVE-2022-2668)

* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)

* h2: Remote Code Execution in Console (CVE-2021-42392)

* keycloak-core: keycloak: improper input validation permits script  
injection (CVE-2022-2256)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2039403 - CVE-2021-42392 h2: Remote Code Execution in Console  
2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown  
2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection  
2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

6. Package List:

Red Hat Single Sign-On 7.5 for RHEL 7 Server:

Source:  
rh-sso7-keycloak-15.0.8-1.redhat_00001.1.el7sso.src.rpm

noarch:  
rh-sso7-keycloak-15.0.8-1.redhat_00001.1.el7sso.noarch.rpm  
rh-sso7-keycloak-server-15.0.8-1.redhat_00001.1.el7sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-42392  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-0225  
https://access.redhat.com/security/cve/CVE-2022-0866  
https://access.redhat.com/security/cve/CVE-2022-2256  
https://access.redhat.com/security/cve/CVE-2022-2668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeCtzjgjWX9erEAQhwyg/9FpyBFSpx+zM8piVRxP2baxGmBh5TPyj7  
hEU1K2Q5FClp0dHWoAYr8TmuN9rO1PlG/kci1265KGlgOT3RY8rZbkHjtWN/gc9b  
eWLbQovKWamRGDM7DssB7pF6MuFA6pnt3bylu9/aSCiushrlc5NtWx9bHiwXMBon  
O1nfoxG0IvQNmHfJWVXzHNX1cqMYQ6HW3s10BMYg4U38yYiMHU1b1uHsxVj7fwTr  
vYBl97ylYabwHzJjgpRNY9kCKJMuQpeeobwDv/foJi7R1yuWIstiVE55wuDM9VCU  
mfIk5HUZRTInnAoghKL2Y8dym+jUqcEm6nR1znTl9TsvcacC9BLcwlSOW3JKCfSy  
u/9JvpgnxZs5YsGAJcjAbRq18wzfsumiuCxU8Oq+2K0ngbG9QYU078JPPv8KKEUo  
ljlDZJYFE73ejtzEpk+ywLfazoScCKwBPCOdJe1Nl+namYDj+gxdm7V+CrTXoruS  
IH3ju5Dkz1aoZZCasAZGtNgAM8fGN/gixz58XwEGVTvfqvzQHjqqeq7lnXnBibOr  
CW9auAYFLauwx4aZ0zVV5dHD9G/QgOR0u9H0mWZioqueB2vpc7MDg7EUiKN0YpYD  
2laXT3DiX4cpnQT+fslO7zvPYMazCUSFwuWNCHZ2PuEcETg67Y43xsczfTnq/fOc  
rrKkvaC1X6Y=EP5O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6782-01

Red Hat Security Advisory 2022-6777-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid:4 security update  
Advisory ID:       RHSA-2022:6777-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6777  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for the squid:4 module is now available for Red Hat Enterprise  
Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm  
squid-4.4-8.module+el8.2.0+16757+26d6b59c.5.src.rpm

aarch64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
squid-4.4-8.module+el8.2.0+16757+26d6b59c.5.aarch64.rpm  
squid-debuginfo-4.4-8.module+el8.2.0+16757+26d6b59c.5.aarch64.rpm  
squid-debugsource-4.4-8.module+el8.2.0+16757+26d6b59c.5.aarch64.rpm

ppc64le:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
squid-4.4-8.module+el8.2.0+16757+26d6b59c.5.ppc64le.rpm  
squid-debuginfo-4.4-8.module+el8.2.0+16757+26d6b59c.5.ppc64le.rpm  
squid-debugsource-4.4-8.module+el8.2.0+16757+26d6b59c.5.ppc64le.rpm

s390x:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
squid-4.4-8.module+el8.2.0+16757+26d6b59c.5.s390x.rpm  
squid-debuginfo-4.4-8.module+el8.2.0+16757+26d6b59c.5.s390x.rpm  
squid-debugsource-4.4-8.module+el8.2.0+16757+26d6b59c.5.s390x.rpm

x86_64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
squid-4.4-8.module+el8.2.0+16757+26d6b59c.5.x86_64.rpm  
squid-debuginfo-4.4-8.module+el8.2.0+16757+26d6b59c.5.x86_64.rpm  
squid-debugsource-4.4-8.module+el8.2.0+16757+26d6b59c.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeP9zjgjWX9erEAQh8DQ/+L+yHRs/EMoII+wguWBCZC67CtRmlY1BW  
AHHezBvTKrDoz/88BkiE7rF/l6pXhAYoIWbslRCJFEqF6lQ4c3UtKs4lp/C195sl  
1L6I7tDnbFW849rgLaeN+H9gmuHMDMVxtXvdeLBvI9zDFag/6jLqKme9/FjITqXC  
9YUm1sh5YdCHDQkW6HhA5QwYpFpnPW3obGgg2RELn7VFxuOR3pKEKWAqnm7qEcML  
a5xk3vWxUPh9+9fw1epFlYYYxInOGxaSZDUWmEChrbW1qt2rOiphXKzvWC7CuwQr  
HFuwQb9lRCqereDcoaWMYZBcH6pB/UbIkHfVc6otCNiYgEK3SriiJlrhPqpurYRT  
f1JwBpTHrXCjX1xJm5WV+Ci29Zg6uoYyFFg/Q73KG7HYpKQNkYqZp8a5LPzLetLw  
/BbPMQmicDjRYzQQ2h5xkUZwa1LJzdFqqtXER55ZnUoJyABkBwgbTPq2Ec6RCkph  
TsbADZxqolEQdzxbRm57ReBV4YPwy3xJDlfocgM86Q9GSuEo74AvXskdXWCtHCY3  
oPXeGtLkAyoCugtf8D2I6a13AtoY80QNz7nQa1dbi8hFLktFNeQ8ckyQQ617DvcL  
DOPT7QrSeZ+SgEcu5EIKycU9LA+jBZWn7/8sTL8DBlwoGCd+9QgUsoRIjOrKeU/z  
hVHpcHx4TsY=LR1Y  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6777-01

Red Hat Security Advisory 2022-6780-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2022:6780-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6780  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-38177 CVE-2022-38178  
====================================================================  
1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code  
2128602 - CVE-2022-38178 bind: memory leaks in EdDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

aarch64:  
bind-9.11.13-6.el8_2.4.aarch64.rpm  
bind-chroot-9.11.13-6.el8_2.4.aarch64.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-debugsource-9.11.13-6.el8_2.4.aarch64.rpm  
bind-devel-9.11.13-6.el8_2.4.aarch64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-lite-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-lite-devel-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-sdb-9.11.13-6.el8_2.4.aarch64.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.4.aarch64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-utils-9.11.13-6.el8_2.4.aarch64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm

noarch:  
bind-license-9.11.13-6.el8_2.4.noarch.rpm  
python3-bind-9.11.13-6.el8_2.4.noarch.rpm

ppc64le:  
bind-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-chroot-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-debugsource-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-devel-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-lite-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-lite-devel-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-sdb-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-utils-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm

s390x:  
bind-9.11.13-6.el8_2.4.s390x.rpm  
bind-chroot-9.11.13-6.el8_2.4.s390x.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-debugsource-9.11.13-6.el8_2.4.s390x.rpm  
bind-devel-9.11.13-6.el8_2.4.s390x.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-lite-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-lite-devel-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-sdb-9.11.13-6.el8_2.4.s390x.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.4.s390x.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-utils-9.11.13-6.el8_2.4.s390x.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.s390x.rpm

x86_64:  
bind-9.11.13-6.el8_2.4.x86_64.rpm  
bind-chroot-9.11.13-6.el8_2.4.x86_64.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.4.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.4.x86_64.rpm  
bind-devel-9.11.13-6.el8_2.4.i686.rpm  
bind-devel-9.11.13-6.el8_2.4.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-lite-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-lite-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-lite-devel-9.11.13-6.el8_2.4.i686.rpm  
bind-lite-devel-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-sdb-9.11.13-6.el8_2.4.x86_64.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.4.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-utils-9.11.13-6.el8_2.4.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:  
bind-9.11.13-6.el8_2.4.src.rpm

aarch64:  
bind-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-debugsource-9.11.13-6.el8_2.4.aarch64.rpm  
bind-export-devel-9.11.13-6.el8_2.4.aarch64.rpm  
bind-export-libs-9.11.13-6.el8_2.4.aarch64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.aarch64.rpm

ppc64le:  
bind-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-debugsource-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-export-devel-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-export-libs-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.ppc64le.rpm

s390x:  
bind-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-debugsource-9.11.13-6.el8_2.4.s390x.rpm  
bind-export-devel-9.11.13-6.el8_2.4.s390x.rpm  
bind-export-libs-9.11.13-6.el8_2.4.s390x.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.s390x.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.s390x.rpm

x86_64:  
bind-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.4.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.4.x86_64.rpm  
bind-export-devel-9.11.13-6.el8_2.4.i686.rpm  
bind-export-devel-9.11.13-6.el8_2.4.x86_64.rpm  
bind-export-libs-9.11.13-6.el8_2.4.i686.rpm  
bind-export-libs-9.11.13-6.el8_2.4.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38177  
https://access.redhat.com/security/cve/CVE-2022-38178  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeNNzjgjWX9erEAQjxBA/8Dkk8VYWMT6InZLXGZoDLdaaPUnaIkEXA  
j3rggSP64GSEN6jPPnEWLDhJo0zXMq9suXgYM/gZJLT7AKGGAGsEfywxxAqqRsA/  
L6Rz/9SE326oBh8OubUL4h29YBV6UE7dg4pb5kPNEiPz9spo8VpA/R6fVeaBBXAk  
zt/4tMvEcviamGP5isZ+o62INjeUtNm42jwGKZVKuPjyBd84CYbcrYAIEBBsapDw  
YgCQgficXBjIvwmMxHIT8fXGdo18UGHY0hiyD2tjBQoheQorH6hruOY92NbLw60D  
QZXRPXlEzi7AG0atm8jHJBb+QIENcLkihe+kx3/uzrjn8DocNZiGdm/97nfQ6Pgq  
/1nuIFwZb6HmI1gjWQwzT5tHs0kW83C0A4yKrTqHxZLi/9Zlb/Ka4Vpw4vgV8FPF  
VQbdeWAp5VkfbThZ9UyIG3f7lqt22N9pSsAZK8Az0YiJXc7jcdLjl5uCNNEOcBUh  
z68MFbXIRLHvfblbm1SRjahgjIOc74kdJGGzDNPqcCrydY3i5Y/xmpNyV4qSHq4t  
5owh+qAGc016rA9mLvOcr4D+yoKcLFpwA6XyarYj6Ki+2v0QhU87rL7P1OB7iOb6  
g2ZKoP2yR6HuGwBph8ptkkeKCD4WGtYkwcTakFVXYV5OkGUqG+YXS29gZN1cFTBO  
/04sD/VbOSU=hqHq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6780-01

Red Hat Security Advisory 2022-6779-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2022:6779-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6779  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-38177 CVE-2022-38178  
====================================================================  
1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code  
2128602 - CVE-2022-38178 bind: memory leaks in EdDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

aarch64:  
bind-9.11.26-4.el8_4.1.aarch64.rpm  
bind-chroot-9.11.26-4.el8_4.1.aarch64.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-debugsource-9.11.26-4.el8_4.1.aarch64.rpm  
bind-devel-9.11.26-4.el8_4.1.aarch64.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-lite-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-lite-devel-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-devel-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-libs-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-utils-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-sdb-9.11.26-4.el8_4.1.aarch64.rpm  
bind-sdb-chroot-9.11.26-4.el8_4.1.aarch64.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-utils-9.11.26-4.el8_4.1.aarch64.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm

noarch:  
bind-license-9.11.26-4.el8_4.1.noarch.rpm  
python3-bind-9.11.26-4.el8_4.1.noarch.rpm

ppc64le:  
bind-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-chroot-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-debugsource-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-devel-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-lite-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-lite-devel-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-devel-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-libs-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-utils-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-sdb-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-sdb-chroot-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-utils-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm

s390x:  
bind-9.11.26-4.el8_4.1.s390x.rpm  
bind-chroot-9.11.26-4.el8_4.1.s390x.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-debugsource-9.11.26-4.el8_4.1.s390x.rpm  
bind-devel-9.11.26-4.el8_4.1.s390x.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-lite-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-lite-devel-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-devel-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-libs-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-utils-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-sdb-9.11.26-4.el8_4.1.s390x.rpm  
bind-sdb-chroot-9.11.26-4.el8_4.1.s390x.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-utils-9.11.26-4.el8_4.1.s390x.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.s390x.rpm

x86_64:  
bind-9.11.26-4.el8_4.1.x86_64.rpm  
bind-chroot-9.11.26-4.el8_4.1.x86_64.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-debugsource-9.11.26-4.el8_4.1.i686.rpm  
bind-debugsource-9.11.26-4.el8_4.1.x86_64.rpm  
bind-devel-9.11.26-4.el8_4.1.i686.rpm  
bind-devel-9.11.26-4.el8_4.1.x86_64.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-lite-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-lite-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-lite-devel-9.11.26-4.el8_4.1.i686.rpm  
bind-lite-devel-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-devel-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-devel-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-libs-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-libs-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-utils-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-sdb-9.11.26-4.el8_4.1.x86_64.rpm  
bind-sdb-chroot-9.11.26-4.el8_4.1.x86_64.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-utils-9.11.26-4.el8_4.1.x86_64.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
bind-9.11.26-4.el8_4.1.src.rpm

aarch64:  
bind-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-debugsource-9.11.26-4.el8_4.1.aarch64.rpm  
bind-export-devel-9.11.26-4.el8_4.1.aarch64.rpm  
bind-export-libs-9.11.26-4.el8_4.1.aarch64.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.aarch64.rpm

ppc64le:  
bind-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-debugsource-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-export-devel-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-export-libs-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.ppc64le.rpm

s390x:  
bind-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-debugsource-9.11.26-4.el8_4.1.s390x.rpm  
bind-export-devel-9.11.26-4.el8_4.1.s390x.rpm  
bind-export-libs-9.11.26-4.el8_4.1.s390x.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.s390x.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.s390x.rpm

x86_64:  
bind-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-debugsource-9.11.26-4.el8_4.1.i686.rpm  
bind-debugsource-9.11.26-4.el8_4.1.x86_64.rpm  
bind-export-devel-9.11.26-4.el8_4.1.i686.rpm  
bind-export-devel-9.11.26-4.el8_4.1.x86_64.rpm  
bind-export-libs-9.11.26-4.el8_4.1.i686.rpm  
bind-export-libs-9.11.26-4.el8_4.1.x86_64.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-export-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-libs-lite-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-sdb-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.i686.rpm  
bind-utils-debuginfo-9.11.26-4.el8_4.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38177  
https://access.redhat.com/security/cve/CVE-2022-38178  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeH9zjgjWX9erEAQjL5A/9GBA2wdN80FLpXgqrQpmMrvf2GH/77Qh8  
nkVDHPCWosU0Js8nktabP/NGrSCjIF0NDfPgQjhY1DUS6aCru4Ig4/3A25REWQaE  
KvfnCK/ovIiQwqzNFXkFTd49RA+Ke1no5vWa3PXzSDaIpgKYJhpW5FYpccP6SJHe  
OSgw/xmVyWWlr3qujYBj9EVcbDW7FCf1ISZd/ZdR1a9yZJxwiBviiPiuP+F5BzTJ  
sckq+AR6qb6sWytAqDdhXuHyrjahLDHVOIinYbuc5V66uj8pEwGzzGjupkYbscLp  
dPebJLW7XN07pn4hmdfB3fOQGAE0+LVe1oAz0Mw9bE0HuU5/TkgOB9PkkOPTjnZt  
NOdMbFDX0dRqy8Niz+TsD0JxivsNS81YbTw69PTIf3Ed2L226W0fCh0Y7DCov4xF  
e9R7Wlqdp8WL/4ejjx455/NZ0NJRRhhLd8fhV6SL986QiF/hDMi8PZ3GsI7S81Bq  
iTOrlWGJOrUaT4i0lm2UA3+2KjNxRrxStDNzHlZuWdiVNZpeyYIFepsmyspuXsHx  
srnH/uQnL/9QUW69ytuaikxVoJfw+owESUrY206QODs5U6hC6edkxnJeeSvHgNVU  
uK6QQ46GDZF6LftrIUNJJ6RoPAuJeRAtC/3FQFSuPEFOxXO60+75E+ERylXfiLW5  
EXuy9fQphUEAJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6779-01

Red Hat Security Advisory 2022-6778-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2022:6778-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6778  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-38177 CVE-2022-38178  
====================================================================  
1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: memory leak in ECDSA DNSSEC verification code (CVE-2022-38177)

* bind: memory leaks in EdDSA DNSSEC verification code (CVE-2022-38178)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128601 - CVE-2022-38177 bind: memory leak in ECDSA DNSSEC verification code  
2128602 - CVE-2022-38178 bind: memory leaks in EdDSA DNSSEC verification code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
bind-9.11.36-3.el8_6.1.aarch64.rpm  
bind-chroot-9.11.36-3.el8_6.1.aarch64.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-debugsource-9.11.36-3.el8_6.1.aarch64.rpm  
bind-devel-9.11.36-3.el8_6.1.aarch64.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-lite-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-lite-devel-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-devel-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-libs-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-utils-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-sdb-9.11.36-3.el8_6.1.aarch64.rpm  
bind-sdb-chroot-9.11.36-3.el8_6.1.aarch64.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-utils-9.11.36-3.el8_6.1.aarch64.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm

noarch:  
bind-license-9.11.36-3.el8_6.1.noarch.rpm  
python3-bind-9.11.36-3.el8_6.1.noarch.rpm

ppc64le:  
bind-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-chroot-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-debugsource-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-devel-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-lite-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-lite-devel-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-devel-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-libs-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-utils-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-sdb-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-sdb-chroot-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-utils-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm

s390x:  
bind-9.11.36-3.el8_6.1.s390x.rpm  
bind-chroot-9.11.36-3.el8_6.1.s390x.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-debugsource-9.11.36-3.el8_6.1.s390x.rpm  
bind-devel-9.11.36-3.el8_6.1.s390x.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-lite-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-lite-devel-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-devel-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-libs-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-utils-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-sdb-9.11.36-3.el8_6.1.s390x.rpm  
bind-sdb-chroot-9.11.36-3.el8_6.1.s390x.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-utils-9.11.36-3.el8_6.1.s390x.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.s390x.rpm

x86_64:  
bind-9.11.36-3.el8_6.1.x86_64.rpm  
bind-chroot-9.11.36-3.el8_6.1.x86_64.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-debugsource-9.11.36-3.el8_6.1.i686.rpm  
bind-debugsource-9.11.36-3.el8_6.1.x86_64.rpm  
bind-devel-9.11.36-3.el8_6.1.i686.rpm  
bind-devel-9.11.36-3.el8_6.1.x86_64.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-lite-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-lite-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-lite-devel-9.11.36-3.el8_6.1.i686.rpm  
bind-lite-devel-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-devel-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-devel-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-libs-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-libs-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-utils-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-sdb-9.11.36-3.el8_6.1.x86_64.rpm  
bind-sdb-chroot-9.11.36-3.el8_6.1.x86_64.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-utils-9.11.36-3.el8_6.1.x86_64.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
bind-9.11.36-3.el8_6.1.src.rpm

aarch64:  
bind-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-debugsource-9.11.36-3.el8_6.1.aarch64.rpm  
bind-export-devel-9.11.36-3.el8_6.1.aarch64.rpm  
bind-export-libs-9.11.36-3.el8_6.1.aarch64.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.aarch64.rpm

ppc64le:  
bind-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-debugsource-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-export-devel-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-export-libs-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.ppc64le.rpm

s390x:  
bind-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-debugsource-9.11.36-3.el8_6.1.s390x.rpm  
bind-export-devel-9.11.36-3.el8_6.1.s390x.rpm  
bind-export-libs-9.11.36-3.el8_6.1.s390x.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.s390x.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.s390x.rpm

x86_64:  
bind-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-debugsource-9.11.36-3.el8_6.1.i686.rpm  
bind-debugsource-9.11.36-3.el8_6.1.x86_64.rpm  
bind-export-devel-9.11.36-3.el8_6.1.i686.rpm  
bind-export-devel-9.11.36-3.el8_6.1.x86_64.rpm  
bind-export-libs-9.11.36-3.el8_6.1.i686.rpm  
bind-export-libs-9.11.36-3.el8_6.1.x86_64.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-export-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-libs-lite-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-sdb-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.i686.rpm  
bind-utils-debuginfo-9.11.36-3.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38177  
https://access.redhat.com/security/cve/CVE-2022-38178  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeKdzjgjWX9erEAQjuRQ//aK2tM4B1C1S2lHRGfatTLhTSe3zR9jYR  
mHYwZ+02OsMMCs51MuhJ+m92qAahyEymmonFa8W/d6lxLltYBkN8j96AMwCUIZcM  
6jMLGJ4LnEIu9ahjPtZ3wbbqvIezN03WYA7x5W8Lng0fFw0SyAuL/j2wJqL3ZypQ  
71YWKDc25HAnic65hmzdYDhPZ6DWOVifv537+V5A1Gk42ppyc0CHcuZG2PYs/Y/m  
+RXFTx7MLO4KBye4ngeZv6jPPPp+CD0i5HT9BMKRGkpYtARPUrlsAfVbF/u6lfs+  
38gffd+AVfWd97/uHqaj6YkVNCM+iX2xfsgUQp8+WLd6+CVQyRknxJfkUj2bWPWU  
+YfNSbF0RCpcI4jKvYTmwqDul9xbfUYflY1YigeVIYygFaVybW4GeVpc4kyxuVAq  
utrLJGBI1ZfYsAIi4AX4zacas9n1/dvQMUtxkbBRrY4UIj3YBJgkfqjBt6DNUp2l  
IgKYXaKiNlbxHpP7yZnm01oq5RJ5A/tUS5cBoCtcUYeDDb3dLzhKkNmaQx1cydMD  
c5rDrS8SW3ZSfstYbT9QiXMv/laUxRrttp0D39RFH5YsTl7zTWuLOGxrH08hpgrQ  
pmGI0lpJZFWO2ecKcjrhzgP25pGKi6uAoAuhg+PRUKlfPpS1ntEvG9KKanFO1y6U  
Ym8XiPxJ5Zo=yTny  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6778-01

Red Hat Security Advisory 2022-6776-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid:4 security update  
Advisory ID:       RHSA-2022:6776-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6776  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for the squid:4 module is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm  
squid-4.11-4.module+el8.4.0+16750+7556a224.4.src.rpm

aarch64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
squid-4.11-4.module+el8.4.0+16750+7556a224.4.aarch64.rpm  
squid-debuginfo-4.11-4.module+el8.4.0+16750+7556a224.4.aarch64.rpm  
squid-debugsource-4.11-4.module+el8.4.0+16750+7556a224.4.aarch64.rpm

ppc64le:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
squid-4.11-4.module+el8.4.0+16750+7556a224.4.ppc64le.rpm  
squid-debuginfo-4.11-4.module+el8.4.0+16750+7556a224.4.ppc64le.rpm  
squid-debugsource-4.11-4.module+el8.4.0+16750+7556a224.4.ppc64le.rpm

s390x:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
squid-4.11-4.module+el8.4.0+16750+7556a224.4.s390x.rpm  
squid-debuginfo-4.11-4.module+el8.4.0+16750+7556a224.4.s390x.rpm  
squid-debugsource-4.11-4.module+el8.4.0+16750+7556a224.4.s390x.rpm

x86_64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
squid-4.11-4.module+el8.4.0+16750+7556a224.4.x86_64.rpm  
squid-debuginfo-4.11-4.module+el8.4.0+16750+7556a224.4.x86_64.rpm  
squid-debugsource-4.11-4.module+el8.4.0+16750+7556a224.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyeh9zjgjWX9erEAQgQpg//ZsYsRi7dKNSRkEnSy8Jk/rZPobzfDMSY  
ptx0Onz/DgfRlMY8Z8SIaUQF2K9UytGz2P3JuaR6++9Tm2EFHGbo0W06yhZ7Gvud  
dvVj8gx01y39XWDr23q+I5FJiwpS5F7AtNbXKFlUykw+YgAoYC5V6yG7ud56uFjv  
FeOHxo/u/JHJ7Jv9TVvA2UtquNYkfAip2t2cFJ5RinwuKIS/f0hDf78xmTOFyvt9  
bq5c50oLWDNTHZsmbliJfELqBvzpHltMaWgxCEhQEv+JjS3GaeTBsWDE5CNWEVwk  
6U6Ob07qMOqsfqkgap52v64YYw9vbk3R4Kzvn3sDdc77ySdjKxQXiQDNTK7XUWns  
SnUjU6omhjVenW+Bh+r61M3aycLQzv6C4gTke1ThzzgIurJk6EPJlV/9SVt9Yy+n  
gUbUXn5qGEVFiTsPdmaG+kh28wdPy1lB01PjlLuPgIUGohV1u19EDIGCSkHeK7Jp  
quXgwd0voQMa3bSHoureJG5C5WqoieXM99ortifdwp7tuFSdK0Gv4Edo8RDp0Ypf  
BO8wr7jE+4dFcdk7mRSATI38VC0iXWHffSEocOBCfleVJ7SsfaUo3Ot0SSWsoQZa  
SYn8XCZF/eimz6MlTku7Nf27kpZGxG7MBParWKtYr+YiGfXnQiJsN4ed35iw6P8f  
BFw4Lq5EP7o=LfUx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6776-01

Red Hat Security Advisory 2022-6774-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid:4 security update  
Advisory ID:       RHSA-2022:6774-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6774  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for the squid:4 module is now available for Red Hat Enterprise  
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm  
squid-4.4-8.module+el8.1.0+16758+65e5269e.5.src.rpm

aarch64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
squid-4.4-8.module+el8.1.0+16758+65e5269e.5.aarch64.rpm  
squid-debuginfo-4.4-8.module+el8.1.0+16758+65e5269e.5.aarch64.rpm  
squid-debugsource-4.4-8.module+el8.1.0+16758+65e5269e.5.aarch64.rpm

ppc64le:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
squid-4.4-8.module+el8.1.0+16758+65e5269e.5.ppc64le.rpm  
squid-debuginfo-4.4-8.module+el8.1.0+16758+65e5269e.5.ppc64le.rpm  
squid-debugsource-4.4-8.module+el8.1.0+16758+65e5269e.5.ppc64le.rpm

s390x:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
squid-4.4-8.module+el8.1.0+16758+65e5269e.5.s390x.rpm  
squid-debuginfo-4.4-8.module+el8.1.0+16758+65e5269e.5.s390x.rpm  
squid-debugsource-4.4-8.module+el8.1.0+16758+65e5269e.5.s390x.rpm

x86_64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
squid-4.4-8.module+el8.1.0+16758+65e5269e.5.x86_64.rpm  
squid-debuginfo-4.4-8.module+el8.1.0+16758+65e5269e.5.x86_64.rpm  
squid-debugsource-4.4-8.module+el8.1.0+16758+65e5269e.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyem9zjgjWX9erEAQjo8g//d9koU3Cd1HK8nUjxMoUVFaGftXeWHVCs  
LUE3vcQLHqJ5RguDs+Lf7mCJJqqFgyBRX37BE2eAzt85ZCT9vmDtJlGdB1hMpFSa  
gvwXk/sUu7+X1FtTpSZ4owtytooEtbE/K65wAyTF23ldF2L+3CWXShUysHJTPx+0  
S3hDSR/MzjonA0XP5MztCeDIECbptbPv1YA2sOqDvrHXFKypTnzpjfm2VhvOYTOn  
QNgPQgf3U6SfHdlcXYt2U1iokJHnrSjipM1tz4ml0joyeifmrWpUnIoAVhpOKV+H  
wJZdeHSph8yEd8txUrFrGWA9lYvhtPqurwUWpFLEUoATsGG9T02Nxm/AaJ+2PFm3  
UBXP3s7BKv/9X26jkEyuBpXCx+yY94qYZHPBsjWXPLKc3ur3MRE39kfBl7gDainU  
cQr/A5725MmnTlrBBZ/Ea00AQ7yQXt8OS+33nR0hEg7R7oYG3krpCpswmz+ZIZ9V  
zD0wL3u1Vrp2jp+LYoWxE6V6VvVhRM1AQM1N3AxMvXgcF41ZucyJCQjCZkO+BFwH  
JnOijEj7qpExgBt3be6Iw4Y1tnkfMIlh3kMTjJUDMJwiDKzJ8y8eglbNeadImadX  
unfvRrUXmAk4sF4V9M8onVwxgMte6wPay3nuAPyuOm05LFO8MLd68PYB099dxX4b  
zmZ6TLnujjY=NYcH  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6774-01

Red Hat Security Advisory 2022-6775-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid:4 security update  
Advisory ID:       RHSA-2022:6775-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6775  
Issue date:        2022-10-04  
CVE Names:         CVE-2022-41318  
====================================================================  
1. Summary:

An update for the squid:4 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: buffer-over-read in SSPI and SMB authentication (CVE-2022-41318)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2129771 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm  
squid-4.15-3.module+el8.6.0+16749+7b6feaf0.2.src.rpm

aarch64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
squid-4.15-3.module+el8.6.0+16749+7b6feaf0.2.aarch64.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+16749+7b6feaf0.2.aarch64.rpm  
squid-debugsource-4.15-3.module+el8.6.0+16749+7b6feaf0.2.aarch64.rpm

ppc64le:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
squid-4.15-3.module+el8.6.0+16749+7b6feaf0.2.ppc64le.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+16749+7b6feaf0.2.ppc64le.rpm  
squid-debugsource-4.15-3.module+el8.6.0+16749+7b6feaf0.2.ppc64le.rpm

s390x:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
squid-4.15-3.module+el8.6.0+16749+7b6feaf0.2.s390x.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+16749+7b6feaf0.2.s390x.rpm  
squid-debugsource-4.15-3.module+el8.6.0+16749+7b6feaf0.2.s390x.rpm

x86_64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
squid-4.15-3.module+el8.6.0+16749+7b6feaf0.2.x86_64.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+16749+7b6feaf0.2.x86_64.rpm  
squid-debugsource-4.15-3.module+el8.6.0+16749+7b6feaf0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41318  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzyekdzjgjWX9erEAQgvpxAAjGPkGSXRh5wOdx4naETCvP3lz1UNLXJB  
lZyGm1lyb9DV5ygJCeeqxuignhirMgQ2NXrirywYxAU0a90POI5sJaxZkTd0Jka7  
QYIg8R+Hr2t3JfxdqmN3+Qt7bhBGVQdVtrqdxS9q46WBshkZAglfqpRwLm8W4yDf  
GHCnQXXf3haOnBEiYh+ST//fkemAeiYneuZHJFijfWHPImKechF7ceyXgJQdB/N6  
WMN0QNJnhpfmMM6FhLhhrQzn2NDvzSyP1E5fFHYgqKtp7mVWozjkEbStMpmRthQL  
/AYycLpyM3E2YNeFQ4a4epK7QGqGlWFN65DpIB8l6g3jvsuHRZYVLICf5FdQa967  
W/PrpMhrrnlr+GU7sJyvvQxPfl+OTgr7HfOU4fVJNOu863Xa8x9IKI6KY6jPxHEP  
BtIOYqeL5f0+TbebogcRoF0sEijbF0+zealrReDvWRaQaWXo0/2p9Nv2u3Y93x7K  
psXc9iVBe64p5C+eMUXeTwQXH4TXCqF2Y9sAWzkaI6HWSQ/7ayyx2Pf646Xxdbe7  
wZTV1hI9scURvrhS72aEVBv4x0NSkxjlhOJgLtLa/9NMSvrwMwmq2qyS5s8Wbe9r  
dVaITz37/UnlUitxQ8Q7Wc3lB655NW5+rxQkkL7OAp8XjkZ6hOqbJdqLm/TDjoZl  
uRnaSWNu3U0=EgJ7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm