A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.

CVE-2023-32996: Jenkins Security Advisory 2023-05-16

Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

CVE-2023-32994: Jenkins Security Advisory 2023-05-16

Red Hat Security Advisory 2023-2863-01 - Ctags is a C programming language indexing and cross-reference tool.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: ctags security update  
Advisory ID:       RHSA-2023:2863-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2863  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-4515  
====================================================================  
1. Summary:

An update for ctags is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Ctags is a C programming language indexing and cross-reference tool.

Security Fix(es):

* ctags: arbitrary command execution via a tag file with a crafted filename  
(CVE-2022-4515)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153519 - CVE-2022-4515 ctags: arbitrary command execution via a tag file with a crafted filename

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
ctags-5.8-23.el8.src.rpm

aarch64:  
ctags-5.8-23.el8.aarch64.rpm  
ctags-debuginfo-5.8-23.el8.aarch64.rpm  
ctags-debugsource-5.8-23.el8.aarch64.rpm

ppc64le:  
ctags-5.8-23.el8.ppc64le.rpm  
ctags-debuginfo-5.8-23.el8.ppc64le.rpm  
ctags-debugsource-5.8-23.el8.ppc64le.rpm

s390x:  
ctags-5.8-23.el8.s390x.rpm  
ctags-debuginfo-5.8-23.el8.s390x.rpm  
ctags-debugsource-5.8-23.el8.s390x.rpm

x86_64:  
ctags-5.8-23.el8.x86_64.rpm  
ctags-debuginfo-5.8-23.el8.x86_64.rpm  
ctags-debugsource-5.8-23.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
ctags-debuginfo-5.8-23.el8.aarch64.rpm  
ctags-debugsource-5.8-23.el8.aarch64.rpm  
ctags-etags-5.8-23.el8.aarch64.rpm

ppc64le:  
ctags-debuginfo-5.8-23.el8.ppc64le.rpm  
ctags-debugsource-5.8-23.el8.ppc64le.rpm  
ctags-etags-5.8-23.el8.ppc64le.rpm

s390x:  
ctags-debuginfo-5.8-23.el8.s390x.rpm  
ctags-debugsource-5.8-23.el8.s390x.rpm  
ctags-etags-5.8-23.el8.s390x.rpm

x86_64:  
ctags-debuginfo-5.8-23.el8.x86_64.rpm  
ctags-debugsource-5.8-23.el8.x86_64.rpm  
ctags-etags-5.8-23.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4515  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwy9zjgjWX9erEAQghORAAhPcMdjAEpttsds8ljMdilMDa5xJqrylP  
iHC79nsZSbc3F3OfPmS8gAXVjlhCKReGjPzbvovn6ORaQJvl8I0KQOg26CBctXaC  
GcTn25EGPTU9pdMzZ6xgJEnSQxOPbSX4yvBaji+lVWTC82OKgPFRHtaz26ETLzZh  
ADCzVpQN3SpfczLMhT/gEZ4WvWWbKm8MY/luUVIIUNXz2lj1CHQowGQSawgWEf7C  
pp284YwGjxwjSkEvKZ8zLYnzWgjHz9Ji52sa1onMcpgIG7MM7V6mVhb7g5UL5Mk9  
nPIPrh45RqYhVndChF69+F2fSPyB4anWBvcrKxNHGprW5reQSmqXKI/PxV0Dv6lR  
c5vU/UOwRxcHWxzGOcHOCqPD0R7l/Tt3VvKhkXkB2CAzjoSmfB2ELom8PjSj9riv  
NCvxXBgMqPXBmvYwVFrFsYvGaAHkWVYB7K6fU9TyPl/USjBHl7aesq54Ao++KpML  
MObFechEMnP1KEg3WT9oIf7RCpvDZrNzZ4/c2dCfsSLlACxNSVaMskMvOpJN5LCQ  
Gm+WijvaAvG2fZV9gPr0WY4bAl5TdYfIAB0keSETxZIsCa5uwu+oS7KJw1TaNAmG  
qy9J/0SpmxiJYtafATiCbzJLHEKCx0TEtvnuhgXP/yqmh3kals4Q341zvMya+FSx  
shMaekwTT6QŒS/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2863-01

Red Hat Security Advisory 2023-3067-01 - AutoTrace is a program for converting bitmaps to vector graphics. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: autotrace security update  
Advisory ID:       RHSA-2023:3067-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3067  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-32323  
====================================================================  
1. Summary:

An update for autotrace is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

AutoTrace is a program for converting bitmaps to vector graphics.

Security Fix(es):

* autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c  
(CVE-2022-32323)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107471 - CVE-2022-32323 autotrace: heap-buffer overflow via the ReadImage() at input-bmp.c

6. Package List:

Red Hat Enterprise Linux CRB (v. 8):

Source:  
autotrace-0.31.1-55.el8.src.rpm

aarch64:  
autotrace-0.31.1-55.el8.aarch64.rpm  
autotrace-debuginfo-0.31.1-55.el8.aarch64.rpm  
autotrace-debugsource-0.31.1-55.el8.aarch64.rpm

ppc64le:  
autotrace-0.31.1-55.el8.ppc64le.rpm  
autotrace-debuginfo-0.31.1-55.el8.ppc64le.rpm  
autotrace-debugsource-0.31.1-55.el8.ppc64le.rpm

s390x:  
autotrace-0.31.1-55.el8.s390x.rpm  
autotrace-debuginfo-0.31.1-55.el8.s390x.rpm  
autotrace-debugsource-0.31.1-55.el8.s390x.rpm

x86_64:  
autotrace-0.31.1-55.el8.i686.rpm  
autotrace-0.31.1-55.el8.x86_64.rpm  
autotrace-debuginfo-0.31.1-55.el8.i686.rpm  
autotrace-debuginfo-0.31.1-55.el8.x86_64.rpm  
autotrace-debugsource-0.31.1-55.el8.i686.rpm  
autotrace-debugsource-0.31.1-55.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32323  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNuq9zjgjWX9erEAQgKAxAAo2uU4hr+KYz0nCSwRK9wKuwzfRXMhyG5  
z4zEx3L0vcEfuOZwleWyg6RgiSJPUgFFQWjx/YxLKrD7j5QSqhyhjrQQ0/xxF9d4  
mIIIANQUS8WkugGGPRFZjCndUHS+gTRO97yDh/gnD5s6wfylqesWV33m/cNCDvlt  
+hIpLb8LP9rbmRkskigvLHHjj+P4nNqptO3a7vzHn817CDijKO2vX3zVtVI+j1Ay  
/uQMMp9o2Z3MkP6WSsM9Og92TFDrr2EuyAuXlXI2RwwM5eEb5NbYozp9k6++zYtN  
hSeduBw8TmaFTRCN5m13mgESycSl2NpzaxnkoHHYk6KsKNXXnkP5gwlmCPkyzBMB  
CeNzn8TldXJzei7n+B/JHyoD54Ia6EfyAHvsx/NnP4Y6OyM63muvxODDGRfnZQjV  
mc75A1vAWUVYwghXlbH/zB/HkEA78eW6cgkszwPL//J/U7cvLYk5xKhb8XZHPzoC  
bcE4yZJNdBQs52Zlq2z0KkjA7BVs3fa+H70W41cO3n8nJjsKkA2o73fuRkUFnIAA  
DlnfMs2IesDINAdcl2UxegAcuI5sG0YU3vsljd/JaGySgfj9ObDKVPTasIJVA6R/  
yYjRk1XrtiEF2mjAsFKkP4Yk4Bi8HAWisuPZGeZX7RyF2CL8KL8nsps5eiS8YPm8  
Cr6Kz7qZCO8=Q1x0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3067-01

Red Hat Security Advisory 2023-3097-01 - The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Issues addressed include memory leak and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: gssntlmssp security update  
Advisory ID:       RHSA-2023:3097-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3097  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-25563 CVE-2023-25564 CVE-2023-25565  
                   CVE-2023-25566 CVE-2023-25567  
====================================================================  
1. Summary:

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM  
authentication in GSSAPI programs.

Security Fix(es):

* gssntlmssp: multiple out-of-bounds read when decoding NTLM fields  
(CVE-2023-25563)

* gssntlmssp: memory corruption when decoding UTF16 strings  
(CVE-2023-25564)

* gssntlmssp: incorrect free when decoding target information  
(CVE-2023-25565)

* gssntlmssp: memory leak when parsing usernames (CVE-2023-25566)

* gssntlmssp: out-of-bounds read when decoding target information  
(CVE-2023-25567)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2172019 - CVE-2023-25563 gssntlmssp: multiple out-of-bounds read when decoding NTLM fields  
2172020 - CVE-2023-25564 gssntlmssp: memory corruption when decoding UTF16 strings  
2172021 - CVE-2023-25565 gssntlmssp: incorrect free when decoding target information  
2172022 - CVE-2023-25566 gssntlmssp: memory leak when parsing usernames  
2172023 - CVE-2023-25567 gssntlmssp: out-of-bounds read when decoding target information

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
gssntlmssp-1.2.0-1.el8_8.src.rpm

aarch64:  
gssntlmssp-1.2.0-1.el8_8.aarch64.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.aarch64.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.aarch64.rpm

ppc64le:  
gssntlmssp-1.2.0-1.el8_8.ppc64le.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.ppc64le.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.ppc64le.rpm

s390x:  
gssntlmssp-1.2.0-1.el8_8.s390x.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.s390x.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.s390x.rpm

x86_64:  
gssntlmssp-1.2.0-1.el8_8.x86_64.rpm  
gssntlmssp-debuginfo-1.2.0-1.el8_8.x86_64.rpm  
gssntlmssp-debugsource-1.2.0-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25563  
https://access.redhat.com/security/cve/CVE-2023-25564  
https://access.redhat.com/security/cve/CVE-2023-25565  
https://access.redhat.com/security/cve/CVE-2023-25566  
https://access.redhat.com/security/cve/CVE-2023-25567  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwpNzjgjWX9erEAQjhaA//fxlq/Nag7VoFfE1Y5XCdKkIvvZzUZyBu  
AuzLCsBmfy9IFUIDHcS/EXiLDD56l045V7jstindFbCJGyyh/HGCgV2pXTG4VZYc  
hAGGI2jqAvIKMfuSPfS4iP3u6iWBE8HIalfFzlfgKKn/mLU+EUNhsc+Vld4D9/qx  
XuyckvMP/OqhIdN7q5hzYRYWBpnmv9Q4oOQKHPcncanlYiVRw8nf8hGZdeOonFnP  
187jWDG1djdJ9a4QUcc94aNJ3v2ySb1xIAdtHc1MZLLjtXg5XMmoTujN0Ihs10E2  
MgU0eveLoaD69vHeIpgaA7bXydSEYAIiXwkCQkcU06za1y7pmTMIPgscaLdu9HGs  
kW0YvLRlEh1liOUb/GSutqKf7Z/xW8n1P/eOtjghJRpVK+g5p1LpFiVm0Fa8+Kvq  
hJb9LchDsq8b6ATzBtF7AICq2VRHuSvQK/DEM3D6lf2N6tcnP5aKHqtoMKyaJXi1  
k/O/KWXTTHFpRUM5gp1R5GeL1V6uapgt6hlLK2/bHB9lC079njD5Sp5jdBvuIqNf  
+LdeBm7nVZVam7t91ycqU3kOF8Doy6x3Pt3T9tV7qkggcq+nogTUmoH0T/QaFpI/  
JQPTDVY0rmCeuJgUYS3EYYg8wLG9bDTybD+L32XRp6XMXZcTAVrasyRXvpQmHuaG  
KCYRZky/tysïT0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3097-01

Red Hat Security Advisory 2023-2883-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include integer overflow and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update  
Advisory ID:       RHSA-2023:2883-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2883  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-3627 CVE-2022-3970  
====================================================================  
1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged  
Image File Format (TIFF) files.

Security Fix(es):

* libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c  
(CVE-2022-3627)

* libtiff: integer overflow in function TIFFReadRGBATileExt of the file  
(CVE-2022-3970)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this  
update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2142742 - CVE-2022-3627 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c  
2148918 - CVE-2022-3970 libtiff: integer overflow in function TIFFReadRGBATileExt of the file

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libtiff-4.0.9-27.el8.src.rpm

aarch64:  
libtiff-4.0.9-27.el8.aarch64.rpm  
libtiff-debuginfo-4.0.9-27.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-27.el8.aarch64.rpm  
libtiff-devel-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.aarch64.rpm

ppc64le:  
libtiff-4.0.9-27.el8.ppc64le.rpm  
libtiff-debuginfo-4.0.9-27.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-27.el8.ppc64le.rpm  
libtiff-devel-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.ppc64le.rpm

s390x:  
libtiff-4.0.9-27.el8.s390x.rpm  
libtiff-debuginfo-4.0.9-27.el8.s390x.rpm  
libtiff-debugsource-4.0.9-27.el8.s390x.rpm  
libtiff-devel-4.0.9-27.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.s390x.rpm

x86_64:  
libtiff-4.0.9-27.el8.i686.rpm  
libtiff-4.0.9-27.el8.x86_64.rpm  
libtiff-debuginfo-4.0.9-27.el8.i686.rpm  
libtiff-debuginfo-4.0.9-27.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-27.el8.i686.rpm  
libtiff-debugsource-4.0.9-27.el8.x86_64.rpm  
libtiff-devel-4.0.9-27.el8.i686.rpm  
libtiff-devel-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.i686.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
libtiff-debuginfo-4.0.9-27.el8.aarch64.rpm  
libtiff-debugsource-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-4.0.9-27.el8.aarch64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.aarch64.rpm

ppc64le:  
libtiff-debuginfo-4.0.9-27.el8.ppc64le.rpm  
libtiff-debugsource-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-4.0.9-27.el8.ppc64le.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.ppc64le.rpm

s390x:  
libtiff-debuginfo-4.0.9-27.el8.s390x.rpm  
libtiff-debugsource-4.0.9-27.el8.s390x.rpm  
libtiff-tools-4.0.9-27.el8.s390x.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.s390x.rpm

x86_64:  
libtiff-debuginfo-4.0.9-27.el8.x86_64.rpm  
libtiff-debugsource-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-4.0.9-27.el8.x86_64.rpm  
libtiff-tools-debuginfo-4.0.9-27.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3627  
https://access.redhat.com/security/cve/CVE-2022-3970  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNu99zjgjWX9erEAQhNng//R5CzIaokN/aq5w+uo6EkRwiv6Cl7ylJo  
JSm8SclvCYwB7FsjbFeHvaWyC6hRrTnzGSnf75+uhb7XGp/WCC7vkGAGs1ES8I/o  
fLOF+47sPoelWzDpESOQT0Q2mc9KbNCiYx6kaSqnXebuU+gKMBUY9hPnznBQEosR  
6J6gEyCZzKFzgHLbZRbSrcbqIx9wpSwvEyw9rklrTkmVkWGOYm/lRRl0GKNZplHI  
363abJLz4hGqMKKk7pr2ay88p7FLsisblwbhkCHlUMv8Qhq8ymcJbWseDiU56EQg  
jewNHYTO22o1NF9Jf9JX88I6zqN8fA55mqqFXznzofCoZ5wgAAwbbXpBKAaAgzOo  
CN8xMaXbP5phKw5P1nLyk7O+cfN59sS+kP+C0znggBnkd84IckURYwFZxuqiG/ml  
NpRPCb75+HpVpC+/R2i/HHynIxOh82ns++zvTOg0s50d80f1PEc4wPXg0Q7gsa5c  
R4LpcoStagZjo7f7vLpzXOcbRSHn73lKh4/KmF78fHzFy0g6Y+C2xadntir9yCrx  
ZICjIGwW9Z8hQIzGfGuk3OLl3mWzjDiF9ohPysDioAWgbA0R/nTv/4gC9ONhPzzo  
IgmVFmrO4QfHVTyMFEsqMFnnkRQn15i8ryx+Xdh9b5mwpoak5gCiqstQitG887Xq  
/lxN1Dzba6s=wFiy  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2883-01

Red Hat Security Advisory 2023-2870-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: freeradius:3.0 security update  
Advisory ID:       RHSA-2023:2870-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2870  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-41859 CVE-2022-41860 CVE-2022-41861  
====================================================================  
1. Summary:

An update for the freeradius:3.0 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote  
Authentication Dial In User Service (RADIUS) server, designed to allow  
centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: Information leakage in EAP-PWD (CVE-2022-41859)

* freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860)

* freeradius: Crash on invalid abinary data (CVE-2022-41861)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2078483 - CVE-2022-41859 freeradius: Information leakage in EAP-PWD  
2078485 - CVE-2022-41860 freeradius: Crash on unknown option in EAP-SIM  
2078487 - CVE-2022-41861 freeradius: Crash on invalid abinary data

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.src.rpm

aarch64:  
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm  
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm

ppc64le:  
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm  
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm

s390x:  
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm  
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm

x86_64:  
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm  
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41859  
https://access.redhat.com/security/cve/CVE-2022-41860  
https://access.redhat.com/security/cve/CVE-2022-41861  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNw09zjgjWX9erEAQgtzRAAjlyD8uI8FfESOtIeR1n/NpQY9LXdp2J8  
gu8Zb2WITaVFMHMuXcWHn+PdDywpsmJyTtv8kVd3/c51KiAWnIW2efb1kmsOpY+h  
3igUWG00vfnixCvV1ghk5IHvY3e0QUtzinC5HVtcZqhBIP/ek5ZxXR328q69/gmf  
hWgT3HHWh0QMRBTwYhj09wWdVXz87zb3Pc/ZkoWEMWMNDdY00iV2OZW09HRzP+zq  
Qn8YBMHGX+yuX3SnOrjCYg1RXsn+Lev0iYz6gAHhuMTwmknCRAKhhvtmaeaOu43G  
jlMiS6mZWRbyzcAbKHjbw+PJXGF1M5WfMRjSSUsbQzcfiNKA3HDiHF/bXnZDFhPu  
Mo6nhgX1ofAUYUnbGMZnrE3uLm1Bw8tGS30lXjn+LxWO03c+94mS3xV1KslukCgA  
p0k1e+sPAEbOcNEuo+SE+HUnt+1zebfaSkdZPalJKunUeD29vjbUHQ7yE0eC/VXd  
YtppGvnZSFAcy0noOElvDHl0p2RcrJYZQeVjZMbWb6VqBMLfYGmzpLJGzU+IcHeC  
i153a+ArRi+4FmkBMne/wRg1SzfjlOSUZR2cbFCOkh70ugSU98VPJ0H5CHjiNxb3  
QSI16Q8647Ckn5pC5ctoFF/vY2o0ivJVS/K75f4/qv5JiLnk0KAGeG2RgAVuYeNk  
KOFlmlXluBY=1hXc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2870-01

Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security and bug fix update  
Advisory ID:       RHSA-2023:2834-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2834  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-32886 CVE-2022-32888 CVE-2022-32923  
                   CVE-2022-42799 CVE-2022-42823 CVE-2022-42824  
                   CVE-2022-42826 CVE-2022-42852 CVE-2022-42863  
                   CVE-2022-42867 CVE-2022-46691 CVE-2022-46692  
                   CVE-2022-46698 CVE-2022-46699 CVE-2022-46700  
                   CVE-2023-23517 CVE-2023-23518 CVE-2023-25358  
                   CVE-2023-25360 CVE-2023-25361 CVE-2023-25362  
                   CVE-2023-25363  
====================================================================  
1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: use-after-free issue leading to arbitrary code execution  
(CVE-2022-42826)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2023-23517)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2023-23518)

* webkitgtk: buffer overflow issue was addressed with improved memory  
handling (CVE-2022-32886)

* webkitgtk: out-of-bounds write issue was addressed with improved bounds  
checking (CVE-2022-32888)

* webkitgtk: correctness issue in the JIT was addressed with improved  
checks (CVE-2022-32923)

* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)

* webkitgtk: type confusion issue leading to arbitrary code execution  
(CVE-2022-42823)

* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)

* webkitgtk: memory disclosure issue was addressed with improved memory  
handling (CVE-2022-42852)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2022-42863)

* webkitgtk: use-after-free issue leading to arbitrary code execution  
(CVE-2022-42867)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2022-46691)

* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)

* webkitgtk: logic issue leading to user information disclosure  
(CVE-2022-46698)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2022-46699)

* webkitgtk: memory corruption issue leading to arbitrary code execution  
(CVE-2022-46700)

* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()  
(CVE-2023-25358)

* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()  
(CVE-2023-25360)

* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()  
(CVE-2023-25361)

* webkitgtk: heap-use-after-free in  
WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)

* webkitgtk: heap-use-after-free in  
WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2127468 - Upgrade WebKitGTK for RHEL 8.8  
2128643 - CVE-2022-32886 webkitgtk: buffer overflow issue was addressed with improved memory handling  
2140501 - CVE-2022-32888 webkitgtk: out-of-bounds write issue was addressed with improved bounds checking  
2140502 - CVE-2022-32923 webkitgtk: correctness issue in the JIT was addressed with improved checks  
2140503 - CVE-2022-42799 webkitgtk: issue was addressed with improved UI handling  
2140504 - CVE-2022-42824 webkitgtk: sensitive information disclosure issue  
2140505 - CVE-2022-42823 webkitgtk: type confusion issue leading to arbitrary code execution  
2150970 - Can't create Google account  
2156986 - CVE-2022-42852 webkitgtk: memory disclosure issue was addressed with improved memory handling  
2156987 - CVE-2022-42863 webkitgtk: memory corruption issue leading to arbitrary code execution  
2156989 - CVE-2022-42867 webkitgtk: use-after-free issue leading to arbitrary code execution  
2156990 - CVE-2022-46691 webkitgtk: memory corruption issue leading to arbitrary code execution  
2156991 - CVE-2022-46692 webkitgtk: Same Origin Policy bypass issue  
2156992 - CVE-2022-46698 webkitgtk: logic issue leading to user information disclosure  
2156993 - CVE-2022-46699 webkitgtk: memory corruption issue leading to arbitrary code execution  
2156994 - CVE-2022-46700 webkitgtk: memory corruption issue leading to arbitrary code execution  
2167715 - CVE-2023-23518 webkitgtk: memory corruption issue leading to arbitrary code execution  
2167716 - CVE-2022-42826 webkitgtk: use-after-free issue leading to arbitrary code execution  
2167717 - CVE-2023-23517 webkitgtk: memory corruption issue leading to arbitrary code execution  
2175099 - CVE-2023-25358 webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()  
2175101 - CVE-2023-25360 webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer()  
2175103 - CVE-2023-25361 webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling()  
2175105 - CVE-2023-25362 webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps()  
2175107 - CVE-2023-25363 webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags()

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.38.5-1.el8.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el8.i686.rpm  
webkit2gtk3-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el8.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32886  
https://access.redhat.com/security/cve/CVE-2022-32888  
https://access.redhat.com/security/cve/CVE-2022-32923  
https://access.redhat.com/security/cve/CVE-2022-42799  
https://access.redhat.com/security/cve/CVE-2022-42823  
https://access.redhat.com/security/cve/CVE-2022-42824  
https://access.redhat.com/security/cve/CVE-2022-42826  
https://access.redhat.com/security/cve/CVE-2022-42852  
https://access.redhat.com/security/cve/CVE-2022-42863  
https://access.redhat.com/security/cve/CVE-2022-42867  
https://access.redhat.com/security/cve/CVE-2022-46691  
https://access.redhat.com/security/cve/CVE-2022-46692  
https://access.redhat.com/security/cve/CVE-2022-46698  
https://access.redhat.com/security/cve/CVE-2022-46699  
https://access.redhat.com/security/cve/CVE-2022-46700  
https://access.redhat.com/security/cve/CVE-2023-23517  
https://access.redhat.com/security/cve/CVE-2023-23518  
https://access.redhat.com/security/cve/CVE-2023-25358  
https://access.redhat.com/security/cve/CVE-2023-25360  
https://access.redhat.com/security/cve/CVE-2023-25361  
https://access.redhat.com/security/cve/CVE-2023-25362  
https://access.redhat.com/security/cve/CVE-2023-25363  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwwdzjgjWX9erEAQi3tBAAjImojT9z/AQ07EueAkwPWY9qnR++Q8+p  
CVRVlNDkP/wfqxA1GthBBKCrholfiWqbk4HWgyoZCN/WaSD0T1I2asc/Y4bbBoc8  
U1+0blOxRvZrSKQin22U/XW2wS8xYqBQLRuokwB0VSYhG5H2Q+zVqMp1AncKmTFb  
hS9WLdX4e4JDp+WLgvSmr3uDSnAjp67oXdjxtPhE1Buf/MU8GpHfvmQPAFe50HAm  
kf50Zf8dQK2XgRgefNBKgNM/xXPOQI+dozNwyNV+XZxOlIQX5N+wyuRVsIWOrOPu  
KJkSSugX+FuVAYdNBY0sRxT5kmPao4jUqPPZ8gsHlySCOpRj18IAnuQwEfHoxZKf  
xbTlGkhHjqfsCm7M4s/iDuJPd1tiXAJCbxZpPqP5ky6n0qTAq3O65fwFHgp/uGZp  
8nmvkD3nuZhEk2GcCkAxUkIqpaYvLqHUX+sH7ujQ0tZNONOYTEVNsMQmCZqNkSVv  
CdAnDx4iwR2KtLKamRo5EIVA72lksLTNVz7dFZy497CMcapX5yR7E1c2ht11vQS0  
U0tYmvklWwTxqV9QGHnXblEWki631sOfO+Ku87INm5E75RGpzT8lc9LxHgwn4rV5  
KQ7/AGQWND349MlDqM6WP/B3JHzxSH/S3uMIlUvcNjqYwqSjv8sjU96SiZaEAtRp  
TrPuMTnh/ro=FlQx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2834-01

Red Hat Security Advisory 2023-2867-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: postgresql-jdbc security update  
Advisory ID:       RHSA-2023:2867-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2867  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-41946  
====================================================================  
1. Summary:

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - noarch

3. Description:

PostgreSQL is an advanced object-relational database management system. The  
postgresql-jdbc package includes the .jar files needed for Java programs to  
access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: Information leak of prepared statement data due to  
insecure temporary file permissions (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
postgresql-jdbc-42.2.14-2.el8.src.rpm

noarch:  
postgresql-jdbc-42.2.14-2.el8.noarch.rpm  
postgresql-jdbc-javadoc-42.2.14-2.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwZdzjgjWX9erEAQhNSQ//YpPuZFt7iaxfqGkipUlmOP14UPB+gBTl  
ee6H9lypCT/7/67n/P5TdEPj52l1oFPuBBx7dJLqNidn6TvUKh5RFtED94eNOtS5  
r3ICcN1rI4EOS6UUD6z0qy4GdGpX4FzpvQ+7Po7vMjSWfPqJh/JtFZ+83Bf4L/eR  
sgs5mEqNCC6Hfu4IJWEtlDsxBB4uaSFS/tppbCvAvPPqtcUFxxNElukNhNyiUdy8  
CYyNb3jHNmL8x62NfdW2AMWGiD2adK/5CzNxHSUhjSWTJLCe8a19M+maptVUGvhv  
kb/VlO4xIE3LTihCVgC/Ja5pab/bsBkZRiFDohp3Rb9uggET1m2AK+T5s2HVjOxE  
QlK1B6W9JDlTN9NtR4QKPYh+FPBFjilgFQWVuwWhbfrJHQIN4x9nKh0Dd8XSvx2u  
Kc38hcRYDMGfw8nLvdQ/yHjZ8GJUQkK+RjXJrury6IEZaT4y1pRpFSLMmDRXXrnh  
hv8jEUH1VlqV2qXF8FlmDtJKbIXzAatm78ipAqdM7T8tTo4nDXukjggMij13ECRA  
XAnFDRzTWDozUMMY7daQVKgKgFLV96Lwnq/mniy/8X14Umk83AHpNM+E/EQrr+59  
nux7O9WC5Kax2fQ8CVr8tj0/curJRVBArPnnHQ0qN7HNWyZqpUYPii21ayGI7KA4  
wom10Fuhj7Q=Jop5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-2867-01

Red Hat Security Advisory 2023-2851-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: freerdp security update  
Advisory ID:       RHSA-2023:2851-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2851  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-39282 CVE-2022-39283 CVE-2022-39316  
                   CVE-2022-39317 CVE-2022-39318 CVE-2022-39319  
                   CVE-2022-39320 CVE-2022-39347 CVE-2022-41877  
====================================================================  
1. Summary:

An update for freerdp is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),  
released under the Apache license. The xfreerdp client can connect to RDP  
servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: clients using `/parallel` command line switch might read  
uninitialized data (CVE-2022-39282)

* freerdp: clients using the `/video` command line switch might read  
uninitialized data (CVE-2022-39283)

* freerdp: out of bounds read in zgfx decoder (CVE-2022-39316)

* freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317)

* freerdp: division by zero in urbdrc channel (CVE-2022-39318)

* freerdp: missing length validation in urbdrc channel (CVE-2022-39319)

* freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320)

* freerdp: missing path sanitation with `drive` channel (CVE-2022-39347)

* freerdp: missing input length validation in `drive` channel  
(CVE-2022-41877)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat  
Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2134713 - CVE-2022-39282 freerdp: clients using `/parallel` command line switch might read uninitialized data  
2134717 - CVE-2022-39283 freerdp: clients using the `/video` command line switch might read uninitialized data  
2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder  
2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder  
2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel  
2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel  
2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel  
2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel  
2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
freerdp-2.2.0-10.el8.src.rpm

aarch64:  
freerdp-2.2.0-10.el8.aarch64.rpm  
freerdp-debuginfo-2.2.0-10.el8.aarch64.rpm  
freerdp-debugsource-2.2.0-10.el8.aarch64.rpm  
freerdp-libs-2.2.0-10.el8.aarch64.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.aarch64.rpm  
libwinpr-2.2.0-10.el8.aarch64.rpm  
libwinpr-debuginfo-2.2.0-10.el8.aarch64.rpm  
libwinpr-devel-2.2.0-10.el8.aarch64.rpm

ppc64le:  
freerdp-2.2.0-10.el8.ppc64le.rpm  
freerdp-debuginfo-2.2.0-10.el8.ppc64le.rpm  
freerdp-debugsource-2.2.0-10.el8.ppc64le.rpm  
freerdp-libs-2.2.0-10.el8.ppc64le.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.ppc64le.rpm  
libwinpr-2.2.0-10.el8.ppc64le.rpm  
libwinpr-debuginfo-2.2.0-10.el8.ppc64le.rpm  
libwinpr-devel-2.2.0-10.el8.ppc64le.rpm

s390x:  
freerdp-2.2.0-10.el8.s390x.rpm  
freerdp-debuginfo-2.2.0-10.el8.s390x.rpm  
freerdp-debugsource-2.2.0-10.el8.s390x.rpm  
freerdp-libs-2.2.0-10.el8.s390x.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.s390x.rpm  
libwinpr-2.2.0-10.el8.s390x.rpm  
libwinpr-debuginfo-2.2.0-10.el8.s390x.rpm  
libwinpr-devel-2.2.0-10.el8.s390x.rpm

x86_64:  
freerdp-2.2.0-10.el8.x86_64.rpm  
freerdp-debuginfo-2.2.0-10.el8.i686.rpm  
freerdp-debuginfo-2.2.0-10.el8.x86_64.rpm  
freerdp-debugsource-2.2.0-10.el8.i686.rpm  
freerdp-debugsource-2.2.0-10.el8.x86_64.rpm  
freerdp-libs-2.2.0-10.el8.i686.rpm  
freerdp-libs-2.2.0-10.el8.x86_64.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.i686.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.x86_64.rpm  
libwinpr-2.2.0-10.el8.i686.rpm  
libwinpr-2.2.0-10.el8.x86_64.rpm  
libwinpr-debuginfo-2.2.0-10.el8.i686.rpm  
libwinpr-debuginfo-2.2.0-10.el8.x86_64.rpm  
libwinpr-devel-2.2.0-10.el8.i686.rpm  
libwinpr-devel-2.2.0-10.el8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
freerdp-debuginfo-2.2.0-10.el8.aarch64.rpm  
freerdp-debugsource-2.2.0-10.el8.aarch64.rpm  
freerdp-devel-2.2.0-10.el8.aarch64.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.aarch64.rpm  
libwinpr-debuginfo-2.2.0-10.el8.aarch64.rpm

ppc64le:  
freerdp-debuginfo-2.2.0-10.el8.ppc64le.rpm  
freerdp-debugsource-2.2.0-10.el8.ppc64le.rpm  
freerdp-devel-2.2.0-10.el8.ppc64le.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.ppc64le.rpm  
libwinpr-debuginfo-2.2.0-10.el8.ppc64le.rpm

s390x:  
freerdp-debuginfo-2.2.0-10.el8.s390x.rpm  
freerdp-debugsource-2.2.0-10.el8.s390x.rpm  
freerdp-devel-2.2.0-10.el8.s390x.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.s390x.rpm  
libwinpr-debuginfo-2.2.0-10.el8.s390x.rpm

x86_64:  
freerdp-debuginfo-2.2.0-10.el8.i686.rpm  
freerdp-debuginfo-2.2.0-10.el8.x86_64.rpm  
freerdp-debugsource-2.2.0-10.el8.i686.rpm  
freerdp-debugsource-2.2.0-10.el8.x86_64.rpm  
freerdp-devel-2.2.0-10.el8.i686.rpm  
freerdp-devel-2.2.0-10.el8.x86_64.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.i686.rpm  
freerdp-libs-debuginfo-2.2.0-10.el8.x86_64.rpm  
libwinpr-debuginfo-2.2.0-10.el8.i686.rpm  
libwinpr-debuginfo-2.2.0-10.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39282  
https://access.redhat.com/security/cve/CVE-2022-39283  
https://access.redhat.com/security/cve/CVE-2022-39316  
https://access.redhat.com/security/cve/CVE-2022-39317  
https://access.redhat.com/security/cve/CVE-2022-39318  
https://access.redhat.com/security/cve/CVE-2022-39319  
https://access.redhat.com/security/cve/CVE-2022-39320  
https://access.redhat.com/security/cve/CVE-2022-39347  
https://access.redhat.com/security/cve/CVE-2022-41877  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGNwFtzjgjWX9erEAQiavQ/+O4yHxylDY+RhBfMyL02mMrl5HnhDYqcI  
Sf6c+WVKqoMwuGAGfOLddYyxRsgUjlVJO6v1xzySPIXm77ukUYnDcrZGNSfdnlNq  
238JNZWHhEUqY96vabfs0fFXS5l1gSmvQ5iKp+S5MSL20OohFXQWkfnfDDIU97lw  
vSrPfgqalWDow9JEg/NVG2dERskDv2ZcHqcsYCyWMu3SAUZ2/V44xtjSjGqxBrqG  
Z06SLlUrJCIX1L39doI04AuK/znxf5jJoDEAfMgJXh6FSFiR81EFKKG0DYcYPYIl  
PUIjiIpyGzXEpJrk0looJIX9GaN94YbXQRmi9peFnIVctf4sjsufEXGfKi+YgLna  
1o5ncLYaL2q16AJ6H2f25aivS543X9ZwIVN5bGiDvWaqNyADl8PDnJMagBK8atR8  
tM7MCCtF6cvj203OsjAtisHGZNxE5o6ZkQIWx49FJjTfIMFX5j9zPBH384nnq8pg  
mJxqvaw3Z2wG6rGiinWhpMeemMJ7lAhdDek0A5RrIRbcsjvWWmCe5YLXHwG2jE3T  
c10DdlwLuRGxURioThhlpG8nhtS7QL5lGUT7rkEkxGb+ng4ll8XAFbCrrddGS3tf  
+k5rw/ulUIxeRFxM/KBod3Vw1VdbS3HsC2seKQryh4DiTj/ojI3LMe6I28rfLsKp  
076nDSx3a0Y=fpa0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js