Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.

CVE-2023-32992: Jenkins Security Advisory 2023-05-16

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

CVE-2023-32994: Jenkins Security Advisory 2023-05-16

A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.

CVE-2023-33004: Jenkins Security Advisory 2023-05-16

Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2023-33007: Jenkins Security Advisory 2023-05-16

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

CVE-2023-32996: Jenkins Security Advisory 2023-05-16

A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160.

Permalink

Cannot retrieve contributors at this time

**Guest Management System v1.0 has reflected cross-site scripting**

BUG\_Author: DRXYJ

Website source code address: https://www.sourcecodester.com/php/14664/guest-management-system-php-full-source-code.html

Vulnerability File: /guestmanagement/dateTest.php

GET parameter "name" exists reflected cross-site scripting vulnerability

Payload: /guestmanagement/dateTest.php?name="><script>alert(document.cookie)</script>&name1=Submit

The js code is successfully executed and the cookie value is returned, which proves that there is a reflected cross-site scripting vulnerability.

CVE-2023-2740: CVE/XSS.md at main · xryj920/CVE

Red Hat Security Advisory 2023-2863-01 - Ctags is a C programming language indexing and cross-reference tool.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: ctags security update  
Advisory ID:       RHSA-2023:2863-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2863  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-4515  
====================================================================  
1. Summary:

An update for ctags is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Ctags is a C programming language indexing and cross-reference tool.

Security Fix(es):

* ctags: arbitrary command execution via a tag file with a crafted filename  
(CVE-2022-4515)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153519 - CVE-2022-4515 ctags: arbitrary command execution via a tag file with a crafted filename

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
ctags-5.8-23.el8.src.rpm

aarch64:  
ctags-5.8-23.el8.aarch64.rpm  
ctags-debuginfo-5.8-23.el8.aarch64.rpm  
ctags-debugsource-5.8-23.el8.aarch64.rpm

ppc64le:  
ctags-5.8-23.el8.ppc64le.rpm  
ctags-debuginfo-5.8-23.el8.ppc64le.rpm  
ctags-debugsource-5.8-23.el8.ppc64le.rpm

s390x:  
ctags-5.8-23.el8.s390x.rpm  
ctags-debuginfo-5.8-23.el8.s390x.rpm  
ctags-debugsource-5.8-23.el8.s390x.rpm

x86_64:  
ctags-5.8-23.el8.x86_64.rpm  
ctags-debuginfo-5.8-23.el8.x86_64.rpm  
ctags-debugsource-5.8-23.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
ctags-debuginfo-5.8-23.el8.aarch64.rpm  
ctags-debugsource-5.8-23.el8.aarch64.rpm  
ctags-etags-5.8-23.el8.aarch64.rpm

ppc64le:  
ctags-debuginfo-5.8-23.el8.ppc64le.rpm  
ctags-debugsource-5.8-23.el8.ppc64le.rpm  
ctags-etags-5.8-23.el8.ppc64le.rpm

s390x:  
ctags-debuginfo-5.8-23.el8.s390x.rpm  
ctags-debugsource-5.8-23.el8.s390x.rpm  
ctags-etags-5.8-23.el8.s390x.rpm

x86_64:  
ctags-debuginfo-5.8-23.el8.x86_64.rpm  
ctags-debugsource-5.8-23.el8.x86_64.rpm  
ctags-etags-5.8-23.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4515  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwy9zjgjWX9erEAQghORAAhPcMdjAEpttsds8ljMdilMDa5xJqrylP  
iHC79nsZSbc3F3OfPmS8gAXVjlhCKReGjPzbvovn6ORaQJvl8I0KQOg26CBctXaC  
GcTn25EGPTU9pdMzZ6xgJEnSQxOPbSX4yvBaji+lVWTC82OKgPFRHtaz26ETLzZh  
ADCzVpQN3SpfczLMhT/gEZ4WvWWbKm8MY/luUVIIUNXz2lj1CHQowGQSawgWEf7C  
pp284YwGjxwjSkEvKZ8zLYnzWgjHz9Ji52sa1onMcpgIG7MM7V6mVhb7g5UL5Mk9  
nPIPrh45RqYhVndChF69+F2fSPyB4anWBvcrKxNHGprW5reQSmqXKI/PxV0Dv6lR  
c5vU/UOwRxcHWxzGOcHOCqPD0R7l/Tt3VvKhkXkB2CAzjoSmfB2ELom8PjSj9riv  
NCvxXBgMqPXBmvYwVFrFsYvGaAHkWVYB7K6fU9TyPl/USjBHl7aesq54Ao++KpML  
MObFechEMnP1KEg3WT9oIf7RCpvDZrNzZ4/c2dCfsSLlACxNSVaMskMvOpJN5LCQ  
Gm+WijvaAvG2fZV9gPr0WY4bAl5TdYfIAB0keSETxZIsCa5uwu+oS7KJw1TaNAmG  
qy9J/0SpmxiJYtafATiCbzJLHEKCx0TEtvnuhgXP/yqmh3kals4Q341zvMya+FSx  
shMaekwTT6QŒS/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2863-01

Red Hat Security Advisory 2023-3067-01 - AutoTrace is a program for converting bitmaps to vector graphics. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: autotrace security update  
Advisory ID:       RHSA-2023:3067-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3067  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-32323  
====================================================================  
1. Summary:

An update for autotrace is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

AutoTrace is a program for converting bitmaps to vector graphics.

Security Fix(es):

* autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c  
(CVE-2022-32323)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107471 - CVE-2022-32323 autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c

6. Package List:

Red Hat Enterprise Linux CRB (v. 8):

Source:  
autotrace-0.31.1-55.el8.src.rpm

aarch64:  
autotrace-0.31.1-55.el8.aarch64.rpm  
autotrace-debuginfo-0.31.1-55.el8.aarch64.rpm  
autotrace-debugsource-0.31.1-55.el8.aarch64.rpm

ppc64le:  
autotrace-0.31.1-55.el8.ppc64le.rpm  
autotrace-debuginfo-0.31.1-55.el8.ppc64le.rpm  
autotrace-debugsource-0.31.1-55.el8.ppc64le.rpm

s390x:  
autotrace-0.31.1-55.el8.s390x.rpm  
autotrace-debuginfo-0.31.1-55.el8.s390x.rpm  
autotrace-debugsource-0.31.1-55.el8.s390x.rpm

x86_64:  
autotrace-0.31.1-55.el8.i686.rpm  
autotrace-0.31.1-55.el8.x86_64.rpm  
autotrace-debuginfo-0.31.1-55.el8.i686.rpm  
autotrace-debuginfo-0.31.1-55.el8.x86_64.rpm  
autotrace-debugsource-0.31.1-55.el8.i686.rpm  
autotrace-debugsource-0.31.1-55.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32323  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNuq9zjgjWX9erEAQgKAxAAo2uU4hr+KYz0nCSwRK9wKuwzfRXMhyG5  
z4zEx3L0vcEfuOZwleWyg6RgiSJPUgFFQWjx/YxLKrD7j5QSqhyhjrQQ0/xxF9d4  
mIIIANQUS8WkugGGPRFZjCndUHS+gTRO97yDh/gnD5s6wfylqesWV33m/cNCDvlt  
+hIpLb8LP9rbmRkskigvLHHjj+P4nNqptO3a7vzHn817CDijKO2vX3zVtVI+j1Ay  
/uQMMp9o2Z3MkP6WSsM9Og92TFDrr2EuyAuXlXI2RwwM5eEb5NbYozp9k6++zYtN  
hSeduBw8TmaFTRCN5m13mgESycSl2NpzaxnkoHHYk6KsKNXXnkP5gwlmCPkyzBMB  
CeNzn8TldXJzei7n+B/JHyoD54Ia6EfyAHvsx/NnP4Y6OyM63muvxODDGRfnZQjV  
mc75A1vAWUVYwghXlbH/zB/HkEA78eW6cgkszwPL//J/U7cvLYk5xKhb8XZHPzoC  
bcE4yZJNdBQs52Zlq2z0KkjA7BVs3fa+H70W41cO3n8nJjsKkA2o73fuRkUFnIAA  
DlnfMs2IesDINAdcl2UxegAcuI5sG0YU3vsljd/JaGySgfj9ObDKVPTasIJVA6R/  
yYjRk1XrtiEF2mjAsFKkP4Yk4Bi8HAWisuPZGeZX7RyF2CL8KL8nsps5eiS8YPm8  
Cr6Kz7qZCO8=Q1x0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3067-01

Red Hat Security Advisory 2023-3097-01 - The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Issues addressed include memory leak and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: gssntlmssp security update  
Advisory ID:       RHSA-2023:3097-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3097  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-25563 CVE-2023-25564 CVE-2023-25565  
                   CVE-2023-25566 CVE-2023-25567  
====================================================================  
1. Summary:

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM  
authentication in GSSAPI programs.

Security Fix(es):

* gssntlmssp: multiple out-of-bounds read when decoding NTLM fields  
(CVE-2023-25563)

* gssntlmssp: memory corruption when decoding UTF16 strings  
(CVE-2023-25564)

* gssntlmssp: incorrect free when decoding target information  
(CVE-2023-25565)

* gssntlmssp: memory leak when parsing usernames (CVE-2023-25566)

* gssntlmssp: out-of-bounds read when decoding target information  
(CVE-2023-25567)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2172019 - CVE-2023-25563 gssntlmssp: multiple out-of-bounds read when decoding NTLM fields  
2172020 - CVE-2023-25564 gssntlmssp: memory corruption when decoding UTF16 strings  
2172021 - CVE-2023-25565 gssntlmssp: incorrect free when decoding target information  
2172022 - CVE-2023-25566 gssntlmssp: memory leak when parsing usernames  
2172023 - CVE-2023-25567 gssntlmssp: out-of-bounds read when decoding target information

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
gssntlmssp-1.2.0-1.el8_8.src.rpm

aarch64:  
gssntlmssp-1.2.0-1.el8_8.aarch64.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.aarch64.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.aarch64.rpm

ppc64le:  
gssntlmssp-1.2.0-1.el8_8.ppc64le.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.ppc64le.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.ppc64le.rpm

s390x:  
gssntlmssp-1.2.0-1.el8_8.s390x.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.s390x.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.s390x.rpm

x86_64:  
gssntlmssp-1.2.0-1.el8_8.x86_64.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.x86_64.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25563  
https://access.redhat.com/security/cve/CVE-2023-25564  
https://access.redhat.com/security/cve/CVE-2023-25565  
https://access.redhat.com/security/cve/CVE-2023-25566  
https://access.redhat.com/security/cve/CVE-2023-25567  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwpNzjgjWX9erEAQjhaA//fxlq/Nag7VoFfE1Y5XCdKkIvvZzUZyBu  
AuzLCsBmfy9IFUIDHcS/EXiLDD56l045V7jstindFbCJGyyh/HGCgV2pXTG4VZYc  
hAGGI2jqAvIKMfuSPfS4iP3u6iWBE8HIalfFzlfgKKn/mLU+EUNhsc+Vld4D9/qx  
XuyckvMP/OqhIdN7q5hzYRYWBpnmv9Q4oOQKHPcncanlYiVRw8nf8hGZdeOonFnP  
187jWDG1djdJ9a4QUcc94aNJ3v2ySb1xIAdtHc1MZLLjtXg5XMmoTujN0Ihs10E2  
MgU0eveLoaD69vHeIpgaA7bXydSEYAIiXwkCQkcU06za1y7pmTMIPgscaLdu9HGs  
kW0YvLRlEh1liOUb/GSutqKf7Z/xW8n1P/eOtjghJRpVK+g5p1LpFiVm0Fa8+Kvq  
hJb9LchDsq8b6ATzBtF7AICq2VRHuSvQK/DEM3D6lf2N6tcnP5aKHqtoMKyaJXi1  
k/O/KWXTTHFpRUM5gp1R5GeL1V6uapgt6hlLK2/bHB9lC079njD5Sp5jdBvuIqNf  
+LdeBm7nVZVam7t91ycqU3kOF8Doy6x3Pt3T9tV7qkggcq+nogTUmoH0T/QaFpI/  
JQPTDVY0rmCeuJgUYS3EYYg8wLG9bDTybD+L32XRp6XMXZcTAVrasyRXvpQmHuaG  
KCYRZky/tysïT0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3097-01

Red Hat Security Advisory 2023-2883-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include integer overflow and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update  
Advisory ID:       RHSA-2023:2883-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2883  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-3627 CVE-2022-3970  
====================================================================  
1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged  
Image File Format (TIFF) files.

Security Fix(es):

* libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c  
(CVE-2022-3627)

* libtiff: integer overflow in function TIFFReadRGBATileExt of the file  
(CVE-2022-3970)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this  
update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2142742 - CVE-2022-3627 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c  
2148918 - CVE-2022-3970 libtiff: integer overflow in function TIFFReadRGBATileExt of the file

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libtiff-4.0.9-27.el8.src.rpm

aarch64:  
libtiff-4.0.9-27.el8.aarch64.rpm  
libtiff-debuginfo-4.0.9-27.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-27.el8.aarch64.rpm  
libtiff-devel-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.aarch64.rpm

ppc64le:  
libtiff-4.0.9-27.el8.ppc64le.rpm  
libtiff-debuginfo-4.0.9-27.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-27.el8.ppc64le.rpm  
libtiff-devel-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.ppc64le.rpm

s390x:  
libtiff-4.0.9-27.el8.s390x.rpm  
libtiff-debuginfo-4.0.9-27.el8.s390x.rpm  
libtiff-debugsource-4.0.9-27.el8.s390x.rpm  
libtiff-devel-4.0.9-27.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.s390x.rpm

x86_64:  
libtiff-4.0.9-27.el8.i686.rpm  
libtiff-4.0.9-27.el8.x86_64.rpm  
libtiff-debuginfo-4.0.9-27.el8.i686.rpm  
libtiff-debuginfo-4.0.9-27.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-27.el8.i686.rpm  
libtiff-debugsource-4.0.9-27.el8.x86_64.rpm  
libtiff-devel-4.0.9-27.el8.i686.rpm  
libtiff-devel-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.i686.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
libtiff-debuginfo-4.0.9-27.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.aarch64.rpm

ppc64le:  
libtiff-debuginfo-4.0.9-27.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.ppc64le.rpm

s390x:  
libtiff-debuginfo-4.0.9-27.el8.s390x.rpm  
libtiff-debugsource-4.0.9-27.el8.s390x.rpm  
libtiff-tools-4.0.9-27.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.s390x.rpm

x86_64:  
libtiff-debuginfo-4.0.9-27.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3627  
https://access.redhat.com/security/cve/CVE-2022-3970  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNu99zjgjWX9erEAQhNng//R5CzIaokN/aq5w+uo6EkRwiv6Cl7ylJo  
JSm8SclvCYwB7FsjbFeHvaWyC6hRrTnzGSnf75+uhb7XGp/WCC7vkGAGs1ES8I/o  
fLOF+47sPoelWzDpESOQT0Q2mc9KbNCiYx6kaSqnXebuU+gKMBUY9hPnznBQEosR  
6J6gEyCZzKFzgHLbZRbSrcbqIx9wpSwvEyw9rklrTkmVkWGOYm/lRRl0GKNZplHI  
363abJLz4hGqMKKk7pr2ay88p7FLsisblwbhkCHlUMv8Qhq8ymcJbWseDiU56EQg  
jewNHYTO22o1NF9Jf9JX88I6zqN8fA55mqqFXznzofCoZ5wgAAwbbXpBKAaAgzOo  
CN8xMaXbP5phKw5P1nLyk7O+cfN59sS+kP+C0znggBnkd84IckURYwFZxuqiG/ml  
NpRPCb75+HpVpC+/R2i/HHynIxOh82ns++zvTOg0s50d80f1PEc4wPXg0Q7gsa5c  
R4LpcoStagZjo7f7vLpzXOcbRSHn73lKh4/KmF78fHzFy0g6Y+C2xadntir9yCrx  
ZICjIGwW9Z8hQIzGfGuk3OLl3mWzjDiF9ohPysDioAWgbA0R/nTv/4gC9ONhPzzo  
IgmVFmrO4QfHVTyMFEsqMFnnkRQn15i8ryx+Xdh9b5mwpoak5gCiqstQitG887Xq  
/lxN1Dzba6s=wFiy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js