Red Hat Security Advisory 2022-8840-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include buffer overflow, bypass, code execution, denial of service, double free, and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update  
Advisory ID:       RHSA-2022:8840-01  
Product:           Red Hat JBoss Core Services  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8840  
Issue date:        2022-12-08  
CVE Names:         CVE-2022-1292 CVE-2022-2068 CVE-2022-22721  
                   CVE-2022-23943 CVE-2022-26377 CVE-2022-28330  
                   CVE-2022-28614 CVE-2022-28615 CVE-2022-30522  
                   CVE-2022-31813 CVE-2022-32206 CVE-2022-32207  
                   CVE-2022-32208 CVE-2022-32221 CVE-2022-35252  
                   CVE-2022-42915 CVE-2022-42916  
====================================================================  
1. Summary:

An update is now available for Red Hat JBoss Core Services.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64  
Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

3. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat  
JBoss middleware products. This software, such as Apache HTTP Server, is  
common to multiple JBoss middleware products, and is packaged under Red Hat  
JBoss Core Services to allow for faster distribution of updates, and for a  
more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51  
Service Pack 1 serves as a replacement for Red Hat JBoss Core Services  
Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which  
are documented in the Release Notes document linked to in the References.

Security Fix(es):

* curl: HSTS bypass via IDN (CVE-2022-42916)

* curl: HTTP proxy double-free (CVE-2022-42915)

* curl: POST following PUT confusion (CVE-2022-32221)

* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism  
(CVE-2022-31813)

* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)

* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)

* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)

* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)

* curl: control code in cookie denial of service (CVE-2022-35252)

* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)

* curl: Unpreserved file permissions (CVE-2022-32207)

* curl: various flaws (CVE-2022-32206 CVE-2022-32208)

* openssl: the c_rehash script allows command injection (CVE-2022-2068)

* openssl: c_rehash script allows command injection (CVE-2022-1292)

* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large  
or unlimited LimitXMLRequestBody (CVE-2022-22721)

* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds  
(CVE-2022-23943)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect. After installing the updated packages, the  
httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds  
2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody  
2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection  
2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling  
2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read  
2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()  
2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()  
2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability  
2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism  
2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection  
2099300 - CVE-2022-32206 curl: HTTP compression denial of service  
2099305 - CVE-2022-32207 curl: Unpreserved file permissions  
2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification  
2120718 - CVE-2022-35252 curl: control code in cookie denial of service  
2135411 - CVE-2022-32221 curl: POST following PUT confusion  
2135413 - CVE-2022-42915 curl: HTTP proxy double-free  
2135416 - CVE-2022-42916 curl: HSTS bypass via IDN

6. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source:  
jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm  
jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm  
jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm  
jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm  
jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm  
jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm  
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm  
jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm  
jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm  
jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm  
jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm  
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm

noarch:  
jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm

x86_64:  
jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm  
jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm  
jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm  
jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm  
jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm  
jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm

Red Hat JBoss Core Services on RHEL 8:

Source:  
jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm  
jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm  
jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm  
jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm  
jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm  
jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm  
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm  
jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm  
jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm  
jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm  
jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm  
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm

noarch:  
jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm

x86_64:  
jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm  
jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm  
jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm  
jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm  
jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm  
jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm  
jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-22721  
https://access.redhat.com/security/cve/CVE-2022-23943  
https://access.redhat.com/security/cve/CVE-2022-26377  
https://access.redhat.com/security/cve/CVE-2022-28330  
https://access.redhat.com/security/cve/CVE-2022-28614  
https://access.redhat.com/security/cve/CVE-2022-28615  
https://access.redhat.com/security/cve/CVE-2022-30522  
https://access.redhat.com/security/cve/CVE-2022-31813  
https://access.redhat.com/security/cve/CVE-2022-32206  
https://access.redhat.com/security/cve/CVE-2022-32207  
https://access.redhat.com/security/cve/CVE-2022-32208  
https://access.redhat.com/security/cve/CVE-2022-32221  
https://access.redhat.com/security/cve/CVE-2022-35252  
https://access.redhat.com/security/cve/CVE-2022-42915  
https://access.redhat.com/security/cve/CVE-2022-42916  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9  
ws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M  
WEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf  
FAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H  
0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a  
z0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j  
ypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d  
NcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn  
Ik+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M  
onO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9  
mCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF  
6t6oQh+b3NY=UGfz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8840-01

IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.

North Korean threat group APT37 was able to exploit an Internet Explorer zero-day vulnerability to deploy documents loaded with malware as part of its ongoing campaign targeting users in South Korea, including defectors, journalists, and human rights groups.

Google's Threat Analysis Group (TAG) found the zero-day flaw in the Internet Explorer JScript engine in late October, tracked under CVE-2022-41128, and now reports that Microsoft was responsive and has issued applicable patches.

To lure in potential victims, the malicious documents referenced the deadly crowd crushing incident in Seoul that happened during Halloween celebrations on Oct. 29.

"This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident," the TAG team reported. "This is not not the first time APT37 has used Internet Explorer 0-day exploits to target users."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

APT37 Uses Internet Explorer Zero-Day to Spread Malware

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update  
Advisory ID:       RHSA-2022:8781-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8781  
Issue date:        2022-12-08  
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527   
                   CVE-2020-36516 CVE-2020-36518 CVE-2020-36558   
                   CVE-2021-3640 CVE-2021-30002 CVE-2022-0168   
                   CVE-2022-0561 CVE-2022-0562 CVE-2022-0617   
                   CVE-2022-0854 CVE-2022-0865 CVE-2022-0891   
                   CVE-2022-0908 CVE-2022-0909 CVE-2022-0924   
                   CVE-2022-1016 CVE-2022-1048 CVE-2022-1055   
                   CVE-2022-1184 CVE-2022-1292 CVE-2022-1304   
                   CVE-2022-1355 CVE-2022-1586 CVE-2022-1785   
                   CVE-2022-1852 CVE-2022-1897 CVE-2022-1927   
                   CVE-2022-2068 CVE-2022-2078 CVE-2022-2097   
                   CVE-2022-2509 CVE-2022-2586 CVE-2022-2639   
                   CVE-2022-2879 CVE-2022-2880 CVE-2022-2938   
                   CVE-2022-3515 CVE-2022-20368 CVE-2022-21499   
                   CVE-2022-21618 CVE-2022-21619 CVE-2022-21624   
                   CVE-2022-21626 CVE-2022-21628 CVE-2022-22624   
                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662   
                   CVE-2022-22844 CVE-2022-23960 CVE-2022-24448   
                   CVE-2022-25255 CVE-2022-26373 CVE-2022-26700   
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716   
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404   
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-27664   
                   CVE-2022-27950 CVE-2022-28390 CVE-2022-28893   
                   CVE-2022-29581 CVE-2022-30293 CVE-2022-32189   
                   CVE-2022-34903 CVE-2022-36946 CVE-2022-37434   
                   CVE-2022-37603 CVE-2022-39399 CVE-2022-41715   
                   CVE-2022-42003 CVE-2022-42004   
=====================================================================

1. Summary:

Logging Subsystem 5.5.5 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.5 - Red Hat OpenShift

Security Fixe(s):

* jackson-databind: denial of service via a large depth of nested  
objects (CVE-2020-36518)

* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)

* golang: archive/tar: unbounded memory consumption when reading headers  
(CVE-2022-2879, CVE-2022-2880, CVE-2022-41715)

* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* loader-utils: Regular expression denial of service (CVE-2022-37603)

* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.5, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY  
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster  
LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch  
LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs  
LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated.  
LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types.  
LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value  
LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed  
LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue  
LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console  
LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2020-36516  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2020-36558  
https://access.redhat.com/security/cve/CVE-2021-3640  
https://access.redhat.com/security/cve/CVE-2021-30002  
https://access.redhat.com/security/cve/CVE-2022-0168  
https://access.redhat.com/security/cve/CVE-2022-0561  
https://access.redhat.com/security/cve/CVE-2022-0562  
https://access.redhat.com/security/cve/CVE-2022-0617  
https://access.redhat.com/security/cve/CVE-2022-0854  
https://access.redhat.com/security/cve/CVE-2022-0865  
https://access.redhat.com/security/cve/CVE-2022-0891  
https://access.redhat.com/security/cve/CVE-2022-0908  
https://access.redhat.com/security/cve/CVE-2022-0909  
https://access.redhat.com/security/cve/CVE-2022-0924  
https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-1048  
https://access.redhat.com/security/cve/CVE-2022-1055  
https://access.redhat.com/security/cve/CVE-2022-1184  
https://access.redhat.com/security/cve/CVE-2022-1292  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-1355  
https://access.redhat.com/security/cve/CVE-2022-1586  
https://access.redhat.com/security/cve/CVE-2022-1785  
https://access.redhat.com/security/cve/CVE-2022-1852  
https://access.redhat.com/security/cve/CVE-2022-1897  
https://access.redhat.com/security/cve/CVE-2022-1927  
https://access.redhat.com/security/cve/CVE-2022-2068  
https://access.redhat.com/security/cve/CVE-2022-2078  
https://access.redhat.com/security/cve/CVE-2022-2097  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-2586  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-2938  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-20368  
https://access.redhat.com/security/cve/CVE-2022-21499  
https://access.redhat.com/security/cve/CVE-2022-21618  
https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-22844  
https://access.redhat.com/security/cve/CVE-2022-23960  
https://access.redhat.com/security/cve/CVE-2022-24448  
https://access.redhat.com/security/cve/CVE-2022-25255  
https://access.redhat.com/security/cve/CVE-2022-26373  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-27950  
https://access.redhat.com/security/cve/CVE-2022-28390  
https://access.redhat.com/security/cve/CVE-2022-28893  
https://access.redhat.com/security/cve/CVE-2022-29581  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-36946  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-37603  
https://access.redhat.com/security/cve/CVE-2022-39399  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5G9q9zjgjWX9erEAQgdfBAApTzFp8Tp32Bv5jN1EnhSqzcQ93cUa2Nr  
ot9YGh2Dzqr0lzAP2uf1O61EEYq9mte6X4DckjUDo7BT7u5ZZxMWWSstpNbFUzXl  
4xs393yEZM52DN174XOP5V7GUG0pyNlEqHYMGjdZF6pzIx2zzF300kAjB4Hpg4wK  
kKUDVnIyHlvlNcsvjms4p1rzAsIns4c73W89KVkwMyo1pvPQt6v34BWZg5DNnYAM  
hTzl0JR5XRYW4aZhIMq7FApvh4GeA7n7L0kmnDHFVcx0cnrHrjHZxmRQX0Gai1bc  
r8MvGvbMTqEAZ4VKKrgNVvVzkdrO4dw20JfbskPgTIbFXH6ns5605b31veRhMYmv  
NCSJUbq4BLYVAZEhmLa0QIqru1WVCB1e2eRUhvehLiuVlAkgmIgtKvECZ3kpQHxj  
DvOdnaWC5R9eKtNlX9N1xOtqgOF2w+/M+5ml5RJgq48Wlb41VpypDIKFBUXh+wR9  
ArrG8kao75Hl0t8/YQMouqDvgJLNgfceF+WETYryfDus9OlB4YMxhI88mx7HH9zu  
Hy4rb7RhF1OcH/kWjmMl/YJQpYSFKJDyls3tAx5ZAWGCpwAzoBZoc9BEKUQwVfnW  
f3PFotJeQdxKBsbqKVF5h0gHcfSUP+P0kQhx1GD51kxJkUmq47m3OZKIe1QLwYgm  
T1GSDHkQTcg=  
=y/FA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8849-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.2.4 (Train).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-XStatic-Angular) security update  
Advisory ID:       RHSA-2022:8849-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8849  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-10768  
====================================================================  
1. Summary:

An update for python-XStatic-Angular is now available for Red Hat OpenStack  
Platform 16.2.4 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Angular JavaScript library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* Prototype pollution in merge function could result in code injection  
(CVE-2019-10768)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1813309 - CVE-2019-10768 AngularJS: Prototype pollution in merge function could result in code injection

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-XStatic-Angular-1.5.8.0-13.el8ost.src.rpm

noarch:  
XStatic-Angular-common-1.5.8.0-13.el8ost.noarch.rpm  
python3-XStatic-Angular-1.5.8.0-13.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10768  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpVdzjgjWX9erEAQhHKw//R+N/9lZBpBGHZo/FYTh/4l1u1L/m07bG  
wW/+z3D185zL4LZQQS//K2WpzMgZEgEV8GlvVJ8FG0Olw8urrZzervxI8r72xApD  
9Wx0TAFh8Sgf/t5qJvvt022jrXlOE9/+Y9EjYxoSWkbVmFUKUodeL4Me1H0oTpRY  
OzKtkRg/E7TNwQEllFpJgyFICUoUr21EyhreE7gSRga/2MqVNDwsWOiPhcxNZqB1  
Cz/yssJftzrUL3dbi9BbOsIelsMDAS9woSkZD7uS4xXdNmwcFxbxVazaX6L/XzuR  
HTETjmy2xxy/oO6eFj8/Ym/ZvjnCxkesaSigvUMFV5CMNqMEMWO4xZKdDXTuFY4X  
4iZFc4FTQKwRqd8bCosFEqUcinw3NmuByIU3MnPhSbaY0La+FsqbZ614K+wBxxlC  
NlBfUV5WkgYWP/Jd++I4vOWOLoxfabplRlvN84lperErtieX+YAMKZWgQpP0rEXd  
bfC9O3/N1sfA3wg4ZFf8KQPFPR9EAEaI3WPyqmrx7QX6wt+nO1n6HueiQ8G2hkfT  
RAkBCoPikgNk7mLBxFdicMX8mvawKoDGam3SByk8NLK6nS4TDogfmTKOhioaRL18  
e3JvzZ0Qyr3xHdnXwyOHpbZEL2lOCcgAOQIWxDbUj7EZul9Vu5jpFHtqYmPHmOEn  
YO5E1kZUxbE=KRoQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8849-01

Red Hat Security Advisory 2022-8852-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (numpy) security update  
Advisory ID:       RHSA-2022:8852-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8852  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-41495  
====================================================================  
1. Summary:

An update for numpy is now available for Red Hat OpenStack Platform 16.2.4  
(Train) for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

A fast multidimensional array facility for Python

Security Fix(es):

* NULL pointer dereference in numpy.sort in the PyArray_DescrNew() due  
to missing return-value validation (CVE-2021-41495)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2035037 - CVE-2021-41495 numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41495  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpYNzjgjWX9erEAQhgfg//f83LbU6ItAgUp+zoZFPPbzSk47S195bN  
43EB3UOSd4Sf+JCtClkeGgzS05ogVF/7aEuQkpUDAMYplJrv6gxBEy1NKbW3vLOI  
/H/Zh3baeXBA9SwT57kah/iLyao4T1QvuIWQXaJRnmtNGftZWHTsldsiBQpCn+/j  
JEZx6edutX1I8U2+j4arfd2RqPWG/RnXSEBsuutoTqFz4rLI8igC+lHf9k8EiJe8  
N/5h39IUBIveahOj3zV64p4hdatQ3MMjl7cTIgeapnoigSRSPsQmX+5pQ2DPlNlu  
5ObBwCsSAmEy2cygPAq2E7/BglaYey3gxUrjPaUSUsX3FmVFaDh+sKzgnr1jS5oq  
eX+hToVOehvoDktDJs17Drv+H0xvZwYKZueACEk9oY0zWfl4PShxZqEb9Zj/G4ay  
TAoAc8+hAXE51X+INfpfMVvP5pB8y7Yk40+AWfhfojiTl34FsafG3PM8kGhhodr9  
p3HYLVVb4UhGgSTIJ+CCz4jhZrmBMYRu4R+kL4p7itZwDUVEs9eScIdHZgrHV4C9  
J9BapgqnjNq7wkrkdJFgfVh9E3lCQsOD1mHNDBcEh2PMeiZQLR294PYqspDfYmqd  
IAKuP4bz4L28euC0fsHzt6xG+Iya5UqjbkFfrGyqgNo3J0rS9YyTcGsFxtc+bYZi  
FD+LO1bgUAQ=7igt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8852-01

Red Hat Security Advisory 2022-8873-01 - An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-oslo-utils) security update  
Advisory ID:       RHSA-2022:8873-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8873  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-0718  
====================================================================  
1. Summary:

An update for python-oslo-utils is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

The OpenStack Oslo Utility library.

Security Fix(es):

* incorrect password masking in debug output (CVE-2022-0718)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2056850 - CVE-2022-0718 python-oslo-utils: incorrect password masking in debug output

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0718  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpmtzjgjWX9erEAQgS3Q//RqYOosziJEn6E8s0Vk7RSiHHbDGrdAYy  
CeJjTvb/4rGYW91Mr6zhuRkAgmjVOPHHcNAx18fBmig8W0yb4phF21I5IbaOezjv  
mp4r9MD7XKxtu1SPbwscIyne0HTzMKH1rtTQXRPgXxARefrANNIdsdBrH/u1c1Uo  
hL5G/ohmfu9hNWSV/2vAqKZMneIQOLWVeogmS2lVyynHwUZDluJSDbP52r7DcJ/Q  
vcyqhuzbRUBODv3s361v8TmZ1KAsypbxfs30jXRgthMx0Pz43IZ9XvoGFEhvyGSx  
lWllxT47flsDOuUulCqCvRe8TcTFRvzOQ6f6Y+YcxJZDuR3SfdjQbizySaNlglSq  
NNY8Y6AqEmZj9CGx4FkZ+OLp8IZ2D6dNRF04ILiMPoKkYS/hGe/qSU0krJ+uS9UF  
yF97rSZe7TduSVu5erE/sXVQiAHqUt/Nz/LCuRe+f8MclHaHx8KHTEs6x4fluIvD  
PlRseR2oN7ePWiTBgbQ3XMPh6wNhKsm0y1oaNK7E2dUo2qa8aQO2ziqNMZPrOJsv  
O6jc5OZes6R4XvoXCqmVPURMOdmeQJ16V7Fp1QDUWVNLvZupQFxy/RwmYPkLV4Fv  
0Ywg6QbxNHPnLBsBlW+0TeTsgLCYxICrSbUNp3duWplCWcBqKZOoXtMFfzJrD3PS  
5Jyxu/2yRRY=qIcJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8873-01

Red Hat Security Advisory 2022-8866-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-XStatic-Angular) security update  
Advisory ID:       RHSA-2022:8866-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8866  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-10768  
====================================================================  
1. Summary:

An update for python-XStatic-Angular is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Angular JavaScript library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* Prototype pollution in merge function could result in code injection  
(CVE-2019-10768)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1813309 - CVE-2019-10768 AngularJS: Prototype pollution in merge function could result in code injection

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-XStatic-Angular-1.5.8.0-13.el8ost.src.rpm

noarch:  
XStatic-Angular-common-1.5.8.0-13.el8ost.noarch.rpm  
python3-XStatic-Angular-1.5.8.0-13.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10768  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpatzjgjWX9erEAQhl+w/5AfKkbI34bXXE7yfPixf+GvcfYai7s7Ku  
3PBTymbKFdIla+c5zJfv5xux0YRYcqRt7tSlHHbybEEWxtrFXS9H8QSMW9q8h7QH  
B32AsI3ooAKyrTTZqWDXyri77Z2WeNGXbyTc/2OTbNJANNZjAE5OmP2YtrInh0I9  
y0Dds9U1gWJMFqO6mKamISJz6V+k7bmaaFeSHwZ59LfwIW5HD8OXM7yLsxgWyb4d  
AxUSHugrRHgmjjoAwfylYlT+VPRgL9TvAa9/kuQgrGzq4Iy3bgtO3tkoJihweM/Y  
BjxthGzwXBBA6MKHiwCqujm0GwtkfaBKMGNNJOVeY5BkqEYJOOyjN6y9kE/cYZ1K  
zxvqotXYrhvx8RzQUNhaqpjreTa4AadLvGMdBEqMunAlXdUF9n3841lcfs0/daD3  
I+N2YhPQHQ1ltusqp+50QIMf8EIAzptCQ4btMYhIRLdYYd7LwujcalqX5q4gC6is  
lngsTlZ/HwQai5UJ//BozTTWegW5zeBEcqFdqsS7D4WQM/bn5o1eR6shBIzxsAhA  
X3cpMk4vJ7E+nS+1wYVUEkmJZ26oZ4evCNYYpNu9FHtsUpN25IiM3qC5iw4GFIcZ  
/zLmVLXAt/YN/4zDuu5I9fQD/MkaMoGnYppPkMXxja2ducJNuPnZiO0n2Qi2XbwB  
qu4qTT4UppI=vX3U  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8866-01

Red Hat Security Advisory 2022-8865-01 - An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include a cross site scripting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update  
Advisory ID:       RHSA-2022:8865-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8865  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-8331  
====================================================================  
1. Summary:

An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat  
OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Bootstrap style library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-XStatic-Bootstrap-SCSS-3.4.1.0-2.el8ost.src.rpm

noarch:  
python3-XStatic-Bootstrap-SCSS-3.4.1.0-2.el8ost.noarch.rpm  
xstatic-bootstrap-scss-common-3.4.1.0-2.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8331  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpdtzjgjWX9erEAQi+PQ//WgtiRPFZgWZEJYXEuv1aa6qZ1aeDOuHp  
5r8DVEov/APq+k0y1Hu9KQts7ruvUSwWtXwiCmldhEGcTdrs53PnuuykZqG2hKcT  
IzRj7Cat55yIs6hWFNUT6Whj+6LUEZd3kLfz9xqaYhNTJrIEtUAKxXoPjjd97DAQ  
j1OpfOGJKvdQyJ469RBOWbVeWaKCnFbJSkotlbW3OkhA4Qm8hbxvf8DCC1ysqXr3  
eN9lLabMpO69iHX9EUzGaSe73s+Yh/bT+Z/kN9fksAPC5uFRbEKwLS3Z0uONQbXm  
dtWbSiZRTLNZj3oSZg4FYIz8GJEFIZhPG7nP/pIoN0Pm2z0cwxbk+KxCdphsI05N  
k0vJst5aMX4AxvR1tocBDK5uwAQtfGgaitw/xIVw+63NtRMpmwqpva645i9pOpzC  
Fr9aCGJRZfpDt2AtMaKweCnuUBsPu3RaJWy786qGOAZ8W7WOqJL51nzJrUqCpvSB  
JVTEUYrwoCImeodmtl9OtpmTDUp7GKhrpdf0Jvugmau7H+J++SwA5CQE8BWw/JTm  
gs04sOX7ObmjqSBew6b1UbBMqqqMLSpBlAP6UoPYeQWjcK8ZMtiNVf2XhDb+KLc2  
0T4WGH0a6iT3v9NVromgDjFEXcKrw3mZ9QdUkzCSzAQDpO48Unw+Lf9IXPQCHRRA  
zJike7DwksY=ICYc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8865-01

Red Hat Security Advisory 2022-8864-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-ujson) security update  
Advisory ID:       RHSA-2022:8864-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8864  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-31116 CVE-2022-31117  
====================================================================  
1. Summary:

An update for python-ujson is now available for Red Hat OpenStack Platform  
16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

UltraJSON is an ultra fast JSON encoder and decoder

Security Fix(es):

* improper decoding of escaped surrogate characters may lead to string  
corruption key confusion or value overwriting (CVE-2022-31116)

* Potential double free of buffer during string decoding (CVE-2022-31117)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104739 - CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding  
2104740 - CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-ujson-2.0.3-3.el8ost.src.rpm

ppc64le:  
python-ujson-debugsource-2.0.3-3.el8ost.ppc64le.rpm  
python3-ujson-2.0.3-3.el8ost.ppc64le.rpm  
python3-ujson-debuginfo-2.0.3-3.el8ost.ppc64le.rpm

x86_64:  
python-ujson-debugsource-2.0.3-3.el8ost.x86_64.rpm  
python3-ujson-2.0.3-3.el8ost.x86_64.rpm  
python3-ujson-debuginfo-2.0.3-3.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-31116  
https://access.redhat.com/security/cve/CVE-2022-31117  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpmNzjgjWX9erEAQhZfQ/+IhYH6eqe+ywktC+Y63UbIW62u+lB3vlZ  
XUHQnxrfTfdrFs5NzaAWRpEq09NAa+BTqaveN4s9UwL7GHkBCjVcUaefV6jW1ZNf  
kee52203dPdPfQhkC048p+g9tfb4rIZmGkh/bK13z/T7cD5GhEDbI1600hYGP2YB  
YhmyzU3J+dGhm7RzgSCmpvXTE7A0Aw0glXq3gGHTG9za2970TeS64QFo/x7IrI54  
ZjuL8O6zZS/nQbx7PpE60i/unjlMHqlAs1VjF5a4JsMrvE+cGr2DW2OL6Bs8a7yH  
hVSLDIsG/hqUrmIlk0uvhzf1YX+sRRBvfI1883Pv26/NMXBAcie/yTn/VFRnnCzq  
dsEzWG1BPc14x+ZTvDNd/UtJvEJQ01p8du9x6iOLXtdZI5GvvmSAqRime9TsObFc  
GYVmPfhMIaA+Gqw9GUDk1eunRMPwtSxO5fnwaXZQ8Mpmdst/bYMFqe5KQvWINbqW  
uTC7pvv18H0PI2kNfJMYbImSCGCOaT3SW6mC+RNtKdIVJN4xzlwNkH9Q/P37/CdU  
lQDPal/FJgIDT7JDOuYJPF9Ln4DpGc+EjL9DekKpDQytQxVH7DONgAeZMmi99r4l  
unWj9QI6H/Nar0UHEyv4UExvJrInVl17McZ+V6gAvzM86ePqkf6xiESzoXGwAQBa  
ZQt1OY6ucVg¦iB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8864-01

Red Hat Security Advisory 2022-8853-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4. Issues addressed include cross site scripting and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-django20) security update  
Advisory ID:       RHSA-2022:8853-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8853  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-22818 CVE-2022-23833  
====================================================================  
1. Summary:

An update for python-django20 is now available for Red Hat OpenStack  
Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Security Fix(es):

* Possible XSS via '{% debug %}' template tag (CVE-2022-22818)

* Denial of service possibility in file uploads (CVE-2022-23833)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag  
2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-django20-2.0.13-18.el8ost.src.rpm

noarch:  
python3-django20-2.0.13-18.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-22818  
https://access.redhat.com/security/cve/CVE-2022-23833  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpY9zjgjWX9erEAQj1thAApODPOfrstOl0YkXLW8QcfS6do+Yx3SzB  
e0FtoGW3L1rRLjSXj4vNNK6Xa81zgx+BMns7uMpntqvScBGOpB8bbRdJOwizQcVc  
bJDpIZTccCg2L6J1G2XaFyMsHR82OmPc3AZtXpmx9hg81AQJ6R2nhpTYWUJA4Lkm  
OUZRlkOP1CP9CaJawGct4lNWo3ZJZ69XgJ78+ltkLBn1IXWtfrn8bDFtiGnZ7N7Y  
Qa50Ggqq+cYL2mHW0fDUsdgbgNYpmrfF1qlF/0B9HASQC1xx0fxc0S125vmU8yja  
ILOC+bwpDOBSnDKv/IKnAKt5Zb80ojUC519s8SPVHrZF/71DlZid0ly+pL9YWNAL  
hpziugB224Fp3GYEWlvzzoBz/C0XDFV/A3nSUnJ8CuP7QisxI1Jt068jvTlDdPjI  
Sv4uJE7u/eG/ME9SY74rfevznkrh0iLDOdAvPgS/4ScD4RoTZPFnH7/sn3d92mGC  
77yF0ZCxJe1iNCaCvHPRGuQ1aCfxEUhLRSAPO4wdd5TTMPGc2fFcYIYlgyoqQ2Z0  
KjKfL5cX4lUCDWKZ1fSbr2BxeNBpOt/udM3bRLRjEJsEVGh15CC7b/J+fyXuL1tq  
nBxhqzqTo3+ZtZTsGSchsZa/0kUNNJ9okGT2sm++YVKyuKRIU9KbVUiMLh6sRdMF  
wLUsVkAfhUQ=aJ8/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js