An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.

Scheduled maintenance on the database layer will take place on 2022-07-02. We expect GitLab.com to be unavailable for up to 2 hours starting from 06:00 UTC. Kindly follow our status page for updates and read more in our blog post.

*   GitLab.org
*   cves
*   Repository

CVE-2022-2270: 2022/CVE-2022-2270.json · master · GitLab.org / cves · GitLab

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.

🤖 GitLab Bot 🤖 authored Jul 01, 2022

CVE-2022-2244: 2022/CVE-2022-2244.json · master · GitLab.org / cves · GitLab

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.

CVE-2022-2250: 2022/CVE-2022-2250.json · master · GitLab.org / cves · GitLab

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature.

CVE-2022-2185: 2022/CVE-2022-2185.json · master · GitLab.org / cves · GitLab

Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.

    JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function===============================================================================Several PHP compatability libraries contain a potential remote codeexecutionflaw in their `json_decode()` function based on having copy pasted existingvulnerable code.Identifiers--------------------------------------- * JAHx221 - http://www.justanotherhacker.com/advisories/JAHx221.txtAffected components--------------------------------------- * WassUp Realtime analytics wordpress plugin/compat library -https://wordpress.org/plugins/wassup/ * AjaXplorer Core -https://pydio.com/en/community/releases/pydio-core/ajaxplorer-core-503-released * FlexoCMS - https://github.com/flexocms/flexo1.source * Various code -https://github.com/search?p=6&q=if+function_exists+json_decode+eval+%24out&type=Code * compat_functions.php - http://techfromhel.comDescription---------------------------------------This appears to date back to a compatability library published in 2010 andappears in several code bases, with no, or a few variations.The vulnerable code generally share the following characteristic: * The json_decode function is declared if it does not exist * some str_replace occurs to transform the json representation to PHP * eval($out)Since `eval()` is turing complete, it is generally considered unsafe to useiton user controlled or user influenced data, however it is unclear ifpracticalexploitation would be possible due to the likely presence of an existing json_decode function.```php/** * compat_functions.php * Description: Emulate some functions from PHP 5.2+ and Wordpress 2.6+ for *   backwards compatibility with PHP 4.3+ and Wordpress 2.2+, respectively * @author: Helene D. <http://techfromhel.com> * @version: 0.3 - 2010-09-13 * @since Wassup 1.8 *//** * Convert simple JSON data into a PHP object (default) or associative *   array. Emulates 'json_decode' function from PHP 5.2+ * @author: Helene Duncker <http://techfromhel.com> * @param string,boolean * @return (array or object) */if (!function_exists('json_decode')) {function json_decode($json,$to_array=false) {$x=false;if (!empty($json) && strpos($json,'{"')!==false) {$out ='$x='.str_replace(array('{','":','}'),array('array(','"=>',')'),$json);eval($out.';');if (!$to_array) $x = (object) $x;}return $x;} //end function json_decode}```Proof of Concept---------------------------------------The eval can be exploited a number of ways, both via full or partialcontrol of the json string:```php/* Payload`id`;//{"*/json_decode('`id`;//{"');```or partially controlled content:```php/* Payload{"key":"value");echo `id`;//"}*/json_decode('{"key":"value");echo `id`;//"}');```Credit---------------------------------------Eldar "Wireghoul" MarcussenSolution---------------------------------------Ensure json_decode is present as a native function for your PHPinstallation.

PHP Library Remote Code Execution

Red Hat Security Advisory 2022-5483-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update  
Advisory ID:       RHSA-2022:5483-01  
Product:           Red Hat Migration Toolkit  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5483  
Issue date:        2022-07-01  
CVE Names:         CVE-2018-25032 CVE-2020-0404 CVE-2020-4788  
                   CVE-2020-13974 CVE-2020-19131 CVE-2020-27820  
                   CVE-2020-35492 CVE-2021-0941 CVE-2021-3612  
                   CVE-2021-3634 CVE-2021-3669 CVE-2021-3737  
                   CVE-2021-3743 CVE-2021-3744 CVE-2021-3752  
                   CVE-2021-3759 CVE-2021-3764 CVE-2021-3772  
                   CVE-2021-3773 CVE-2021-3807 CVE-2021-4002  
                   CVE-2021-4037 CVE-2021-4083 CVE-2021-4157  
                   CVE-2021-4189 CVE-2021-4197 CVE-2021-4203  
                   CVE-2021-20322 CVE-2021-21781 CVE-2021-26401  
                   CVE-2021-29154 CVE-2021-37159 CVE-2021-41617  
                   CVE-2021-41864 CVE-2021-42739 CVE-2021-43056  
                   CVE-2021-43389 CVE-2021-43976 CVE-2021-44733  
                   CVE-2021-45485 CVE-2021-45486 CVE-2022-0001  
                   CVE-2022-0002 CVE-2022-0235 CVE-2022-0286  
                   CVE-2022-0322 CVE-2022-0536 CVE-2022-1011  
                   CVE-2022-1154 CVE-2022-1271 CVE-2022-23852  
                   CVE-2022-26691  
====================================================================  
1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.2 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate  
Kubernetes resources, persistent volume data, and internal container images  
between OpenShift Container Platform clusters, using the MTC web console or  
the Kubernetes API.

Security Fix(es) from Bugzilla:

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching  
ANSI escape codes (CVE-2021-3807)

* node-fetch: exposure of sensitive information to an unauthorized actor  
(CVE-2022-0235)

* follow-redirects: Exposure of Sensitive Information via Authorization  
Header leak (CVE-2022-0536)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console  
2040693 - ?Replication repository? wizard has no validation for name length  
2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters  
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor  
2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com?  
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak  
2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings  
2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace  
2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field.  
2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade  
2061335 - [MTC UI] ?Update cluster? button is not getting disabled  
2062266 - MTC UI does not display logs properly [OADP-BL]  
2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend  
2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x  
2076593 - Velero pod log missing from UI  drop down  
2076599 - Velero pod log missing from downloaded logs folder [OADP-BL]  
2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan  
2079252 - [MTC]  Rsync options logs not visible in log-reader pod  
2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI]  
2082225 - non-numeric user when launching stage pods [OADP-BL]  
2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments  
2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods  
2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels  
2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL]  
2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts  
2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL]  
2096939 - Fix legacy operator.yml inconsistencies and errors  
2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured.

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032  
https://access.redhat.com/security/cve/CVE-2020-0404  
https://access.redhat.com/security/cve/CVE-2020-4788  
https://access.redhat.com/security/cve/CVE-2020-13974  
https://access.redhat.com/security/cve/CVE-2020-19131  
https://access.redhat.com/security/cve/CVE-2020-27820  
https://access.redhat.com/security/cve/CVE-2020-35492  
https://access.redhat.com/security/cve/CVE-2021-0941  
https://access.redhat.com/security/cve/CVE-2021-3612  
https://access.redhat.com/security/cve/CVE-2021-3634  
https://access.redhat.com/security/cve/CVE-2021-3669  
https://access.redhat.com/security/cve/CVE-2021-3737  
https://access.redhat.com/security/cve/CVE-2021-3743  
https://access.redhat.com/security/cve/CVE-2021-3744  
https://access.redhat.com/security/cve/CVE-2021-3752  
https://access.redhat.com/security/cve/CVE-2021-3759  
https://access.redhat.com/security/cve/CVE-2021-3764  
https://access.redhat.com/security/cve/CVE-2021-3772  
https://access.redhat.com/security/cve/CVE-2021-3773  
https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2021-4002  
https://access.redhat.com/security/cve/CVE-2021-4037  
https://access.redhat.com/security/cve/CVE-2021-4083  
https://access.redhat.com/security/cve/CVE-2021-4157  
https://access.redhat.com/security/cve/CVE-2021-4189  
https://access.redhat.com/security/cve/CVE-2021-4197  
https://access.redhat.com/security/cve/CVE-2021-4203  
https://access.redhat.com/security/cve/CVE-2021-20322  
https://access.redhat.com/security/cve/CVE-2021-21781  
https://access.redhat.com/security/cve/CVE-2021-26401  
https://access.redhat.com/security/cve/CVE-2021-29154  
https://access.redhat.com/security/cve/CVE-2021-37159  
https://access.redhat.com/security/cve/CVE-2021-41617  
https://access.redhat.com/security/cve/CVE-2021-41864  
https://access.redhat.com/security/cve/CVE-2021-42739  
https://access.redhat.com/security/cve/CVE-2021-43056  
https://access.redhat.com/security/cve/CVE-2021-43389  
https://access.redhat.com/security/cve/CVE-2021-43976  
https://access.redhat.com/security/cve/CVE-2021-44733  
https://access.redhat.com/security/cve/CVE-2021-45485  
https://access.redhat.com/security/cve/CVE-2021-45486  
https://access.redhat.com/security/cve/CVE-2022-0001  
https://access.redhat.com/security/cve/CVE-2022-0002  
https://access.redhat.com/security/cve/CVE-2022-0235  
https://access.redhat.com/security/cve/CVE-2022-0286  
https://access.redhat.com/security/cve/CVE-2022-0322  
https://access.redhat.com/security/cve/CVE-2022-0536  
https://access.redhat.com/security/cve/CVE-2022-1011  
https://access.redhat.com/security/cve/CVE-2022-1154  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-23852  
https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYr7qBNzjgjWX9erEAQgugw//ZP+OR2wysl+DmxNE9P5ri+kd/NBxdBKg  
C6vlBpczeXUvPLEFp03wuoBoagTRfib6xjrKdc8+joCQv6UFYcO1kjqZqgcZgBeu  
xJ6y7IzygYwK+nIoN3MP9YTYrejkwe7iaQnC3vLt3SIdg+u5s4N5kht4JPcnyRtY  
ERa6u3OBoJ9C62y+jeQct+lziaARoldGeRtXzA70PP7WJ9N0cEvlk3AkOHsxfhZS  
YXKPR+v94VlzU+egp97boMXZnvjvB/pGJLLtbPQtFsWIOMMzZ9iNHv2GsxQdsTyV  
0GO1PlI7vRleqiYig1pHCjCuqJ4LUxWSis1AX3GYNRnqNC4RvYh8JBx82pKAR/eI  
jhFC/r0A0AGzmpjHgY2S+2nz+P/O93aKr+RFfW+T+LVwAt854a0KPzZyMNWx1NPV  
ccRq5kcphGCNMphRm0jqK2P1/urzIEVhCN4QgsJjqiEN+JGP4c2URdlcUXHOI6td  
cR7jZfNb4T/sPg64h9fzip/FRoZNV3kYE8jjUd/pmFv7iJvAwuPij0H/dZsix4Zr  
vboj+aDdTzuWU6pXLq0Z9xjlhh2Um172HsTimBxO6l5oXrzpVKvxFgi3dp56F2ql  
6mkKuEr9gDWAxCkKBXsy5UQPNny7vxWc2cVGucevOYfF51zd/7cf1UDobG6scH2r  
wqRrUS7nR3w=nCFJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5483-01

Red Hat Security Advisory 2022-5245-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include bypass and password leak vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2022:5245-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5245  
Issue date:        2022-06-28  
CVE Names:         CVE-2022-22576 CVE-2022-27774 CVE-2022-27776  
                   CVE-2022-27782  
====================================================================  
1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

* curl: credential leak on redirect (CVE-2022-27774)

* curl: auth/cookie leak on redirect (CVE-2022-27776)

* curl: TLS and SSH connection too eager reuse (CVE-2022-27782)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2077541 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use  
2077547 - CVE-2022-27774 curl: credential leak on redirect  
2078408 - CVE-2022-27776 curl: auth/cookie leak on redirect  
2082215 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
curl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.4.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-devel-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm

ppc64le:  
curl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-devel-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm

s390x:  
curl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.4.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-devel-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm

x86_64:  
curl-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.4.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.4.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-devel-7.76.1-14.el9_0.4.i686.rpm  
libcurl-devel-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
curl-7.76.1-14.el9_0.4.src.rpm

aarch64:  
curl-7.76.1-14.el9_0.4.aarch64.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.4.aarch64.rpm  
curl-minimal-7.76.1-14.el9_0.4.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-minimal-7.76.1-14.el9_0.4.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.aarch64.rpm

ppc64le:  
curl-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-minimal-7.76.1-14.el9_0.4.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-minimal-7.76.1-14.el9_0.4.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.ppc64le.rpm

s390x:  
curl-7.76.1-14.el9_0.4.s390x.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.4.s390x.rpm  
curl-minimal-7.76.1-14.el9_0.4.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-minimal-7.76.1-14.el9_0.4.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.s390x.rpm

x86_64:  
curl-7.76.1-14.el9_0.4.x86_64.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.4.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.4.x86_64.rpm  
curl-minimal-7.76.1-14.el9_0.4.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-7.76.1-14.el9_0.4.i686.rpm  
libcurl-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-minimal-7.76.1-14.el9_0.4.i686.rpm  
libcurl-minimal-7.76.1-14.el9_0.4.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-22576  
https://access.redhat.com/security/cve/CVE-2022-27774  
https://access.redhat.com/security/cve/CVE-2022-27776  
https://access.redhat.com/security/cve/CVE-2022-27782  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYr6V1tzjgjWX9erEAQgY5A//Qy7jG3WkMsxLzIF2jSzG4llo3ULFmTC3  
dK/5aRXCDJklLHAvL/kzQ2jMQA224VHcCTBBH8uZNUU+rodX6ouFAPcjVHG68SX9  
L2yRNlSqryQxKR0uCHJ0ndeHYtkbfVD9dBltRkJmrNmXa4ql+YfAWqwbXLKYNCUV  
caM5UskdyQ5IHIkjkPfNsY/vaB6RP/fm8Qs1d4Lt/N0lvxj2mgMDk8EOFaEI79Gm  
Rvy044/igG6VbTJsowZQxF8dwslEVNzJ4fg1afYQATkfBL20BYxrMm7QtAWYPrxk  
QkHvwsxcGbYWRRXi4keffJtrPg1O+9EqI11OHo9NHmieoUGNMZLwgQWXJttuksak  
k3oXXywWUxCeRl5V43/Q+SSSShs1HWvR6e5g16axdzSOvlK7cI3iamgxLgjUOqnJ  
ThF+jH+T7CvtUecDz7H//XB9uQD9OCA0ZdyQ6RI5rMYW5gz1glSZ4H8AcINYwxhc  
jta7vBre8cU7aPdhTYE5N7sw8u+5GhSg63SVYjk8UUoQ1hqKx8Ao1LI7ubptRKZ7  
ey05JiFRGnHYoCkF/HDFOmLgAuITFXcTRwuJ8Yr6mmDAxMhEDEpzwUJg1t/5mkMn  
LvDKI+m+Vo+9iCzahD3+SUtxYJb8Esy95cYeM9459vaxhQw9v9EDgY2sd8Yz4bwC  
WcynFEXdDQA=bldl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5245-01

Red Hat Security Advisory 2022-5257-01 - libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Issues addressed include format string and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: libinput security update  
Advisory ID:       RHSA-2022:5257-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5257  
Issue date:        2022-06-28  
CVE Names:         CVE-2022-1215  
====================================================================  
1. Summary:

An update for libinput is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

libinput is a library that handles input devices for display servers and  
other applications that need to directly deal with input devices.

Security Fix(es):

* libinput: format string vulnerability may lead to privilege escalation  
(CVE-2022-1215)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2074952 - CVE-2022-1215 libinput: format string vulnerability may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libinput-1.19.3-2.el9_0.src.rpm

aarch64:  
libinput-1.19.3-2.el9_0.aarch64.rpm  
libinput-debuginfo-1.19.3-2.el9_0.aarch64.rpm  
libinput-debugsource-1.19.3-2.el9_0.aarch64.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.aarch64.rpm  
libinput-utils-1.19.3-2.el9_0.aarch64.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.aarch64.rpm

ppc64le:  
libinput-1.19.3-2.el9_0.ppc64le.rpm  
libinput-debuginfo-1.19.3-2.el9_0.ppc64le.rpm  
libinput-debugsource-1.19.3-2.el9_0.ppc64le.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.ppc64le.rpm  
libinput-utils-1.19.3-2.el9_0.ppc64le.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.ppc64le.rpm

s390x:  
libinput-1.19.3-2.el9_0.s390x.rpm  
libinput-debuginfo-1.19.3-2.el9_0.s390x.rpm  
libinput-debugsource-1.19.3-2.el9_0.s390x.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.s390x.rpm  
libinput-utils-1.19.3-2.el9_0.s390x.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.s390x.rpm

x86_64:  
libinput-1.19.3-2.el9_0.i686.rpm  
libinput-1.19.3-2.el9_0.x86_64.rpm  
libinput-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-debuginfo-1.19.3-2.el9_0.x86_64.rpm  
libinput-debugsource-1.19.3-2.el9_0.i686.rpm  
libinput-debugsource-1.19.3-2.el9_0.x86_64.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.x86_64.rpm  
libinput-utils-1.19.3-2.el9_0.x86_64.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
libinput-debuginfo-1.19.3-2.el9_0.aarch64.rpm  
libinput-debugsource-1.19.3-2.el9_0.aarch64.rpm  
libinput-devel-1.19.3-2.el9_0.aarch64.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.aarch64.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.aarch64.rpm

ppc64le:  
libinput-debuginfo-1.19.3-2.el9_0.ppc64le.rpm  
libinput-debugsource-1.19.3-2.el9_0.ppc64le.rpm  
libinput-devel-1.19.3-2.el9_0.ppc64le.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.ppc64le.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.ppc64le.rpm

s390x:  
libinput-debuginfo-1.19.3-2.el9_0.s390x.rpm  
libinput-debugsource-1.19.3-2.el9_0.s390x.rpm  
libinput-devel-1.19.3-2.el9_0.s390x.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.s390x.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.s390x.rpm

x86_64:  
libinput-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-debuginfo-1.19.3-2.el9_0.x86_64.rpm  
libinput-debugsource-1.19.3-2.el9_0.i686.rpm  
libinput-debugsource-1.19.3-2.el9_0.x86_64.rpm  
libinput-devel-1.19.3-2.el9_0.i686.rpm  
libinput-devel-1.19.3-2.el9_0.x86_64.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-test-debuginfo-1.19.3-2.el9_0.x86_64.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.i686.rpm  
libinput-utils-debuginfo-1.19.3-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1215  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYr6Vx9zjgjWX9erEAQgDZQ/+LE4gkZAB/xKeUf1ieMYdn9/AAJBGvcCk  
9L2SpD+HSW/f5zsmceT3lpl92BT6PgPUdvH6FJ6pV2CH+K0USpdogEKmVu4fAKcw  
jc+hykKTB1hkb2gIizhCKoFK44sz5oYDTRJJJl3Mlfez7KZSHitqRCC3RuQ+xqGq  
rbb/Ul7flJjsklJRjB6uowrUoM5N0fS5YQEiCUA7o52qNORD3nLryM8Kg0cinWPB  
pvjaK+khdt/Nq8o4i8+SdynF393ZYK9LSBtSsdw8Niro3V62eBp4ibWWin7wfsmD  
8y+UiXMTVrE6B2keO9Ap1P54KkLTr+Vl2agYYpBj3E9ZRCBvX2PSbtv4EulpdjbQ  
vnBrN8/wyxPjvGS4qkWReY33YHNHu5Sf2+wklgO+3E9L7vnIuWYbWtc53sQfT0e5  
vUhMnw1kMgXf3rWiZeDjSNaBkVNyDSqNVPotMMbLPWtuCw12fCCBSY73AawGGy2Z  
1QsmM4S8hqsX/CH+MMHDxzKuzKN70HBT87Ubqghc7wOF5jVhHWCMq1nhyymN+Pty  
bDoBq26qS5/Wff43Y4LHfu23BYs6IRq9HZjYeD9vZTwTJ7TsL1WZ7VHNFOHBnuXL  
wy0Y0mZEwUHbw9eWBWR2w62RSLCN+afPjTdz/itIibv/3tulrS/9LVVIJLI+wWp6  
XMLK800/ihM=Xcgo  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5257-01

Red Hat Security Advisory 2022-5244-01 - Expat is a C library for parsing XML documents. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: expat security update  
Advisory ID:       RHSA-2022:5244-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5244  
Issue date:        2022-06-28  
CVE Names:         CVE-2022-25313 CVE-2022-25314  
====================================================================  
1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: stack exhaustion in doctype parsing (CVE-2022-25313)

* expat: integer overflow in copyString() (CVE-2022-25314)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, applications using the Expat library  
must be restarted for the update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing  
2056354 - CVE-2022-25314 expat: integer overflow in copyString()

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm  
expat-devel-2.2.10-12.el9_0.2.aarch64.rpm

ppc64le:  
expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm  
expat-devel-2.2.10-12.el9_0.2.ppc64le.rpm

s390x:  
expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm  
expat-devel-2.2.10-12.el9_0.2.s390x.rpm

x86_64:  
expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.2.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm  
expat-devel-2.2.10-12.el9_0.2.i686.rpm  
expat-devel-2.2.10-12.el9_0.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
expat-2.2.10-12.el9_0.2.src.rpm

aarch64:  
expat-2.2.10-12.el9_0.2.aarch64.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.aarch64.rpm  
expat-debugsource-2.2.10-12.el9_0.2.aarch64.rpm

ppc64le:  
expat-2.2.10-12.el9_0.2.ppc64le.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.ppc64le.rpm  
expat-debugsource-2.2.10-12.el9_0.2.ppc64le.rpm

s390x:  
expat-2.2.10-12.el9_0.2.s390x.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.s390x.rpm  
expat-debugsource-2.2.10-12.el9_0.2.s390x.rpm

x86_64:  
expat-2.2.10-12.el9_0.2.i686.rpm  
expat-2.2.10-12.el9_0.2.x86_64.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.i686.rpm  
expat-debuginfo-2.2.10-12.el9_0.2.x86_64.rpm  
expat-debugsource-2.2.10-12.el9_0.2.i686.rpm  
expat-debugsource-2.2.10-12.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYr6V2tzjgjWX9erEAQhx2BAApcJi2EvcUkiTKbkRqHYQEu+aGBlMy0m0  
FwD5XuL/DWKDz2EVTOTOlBsWzMpFijbpe8F/+Esi1airKxvG5fUNJ1kLxEnvAwxI  
ndZfHNjwURLNlrvYASazjCAwkxai4pI9M/YaUXRv4nRbjgsQWww0nbamsbRsGjUx  
PO+4DDTvFG8tu579I0OWSWUuq6q1l2keKGdIKH/q2PXeMZj4GUcsUP7grwtrMzGb  
PsWw9vAcaOls6ukllEoLgJHwYgHX+zxiG58S2x7UqwnEo7sK8F1YgEcAu3daWtDv  
duT3QpFHZzwL74ImfyPGnqxOFz0IeotLPZTdPyYA5uTqvXcvhnjVignyOER5x3Ll  
xvwQwjmEJ7rUX4TJS5irpEN98+Rz8CZRgUkTpjxuEGWpoAKNovHGGVaCdifPaeBF  
ZvqPDfSzaHPHDnvkpuNkiin3Xr0OznZRLMMQe8+H/YDax4oza+KTsyJ6//QvaDxA  
C2p6EApD4d1PFV7fMN5cX1VI1mHvTwBXqzjjrBIVkyQuDlqWzdc0Nu4LgfOysMEM  
ZfPUDWZeGc/uKuTbG8iKnfqQR1KMo2A0doOMPVcg7YWwe3y/uNBWrwmo6xYLwnug  
/3Uknknm+JWXEhcdKnim6NgkJSZ7qNl+iy9cyYPGLFYfr61DnsLsnf/MtMZa0BZn  
L4f1Gjmc9Io=jvNX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5244-01

Red Hat Security Advisory 2022-5479-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.11 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:5479-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5479  
Issue date:        2022-06-30  
CVE Names:         CVE-2022-2200 CVE-2022-31744 CVE-2022-34468  
                   CVE-2022-34470 CVE-2022-34472 CVE-2022-34479  
                   CVE-2022-34481 CVE-2022-34484  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.11 ESR.

Security Fix(es):

* Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via  
retargeted javascript: URI (CVE-2022-34468)

* Mozilla: Use-after-free in nsSHistory (CVE-2022-34470)

* Mozilla: A popup window could be resized in a way to overlay the address  
bar with web content (CVE-2022-34479)

* Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11  
(CVE-2022-34484)

* Mozilla: Undesired attributes could be set as part of prototype pollution  
(CVE-2022-2200)

* Mozilla: CSP bypass enabling stylesheet injection (CVE-2022-31744)

* Mozilla: Unavailable PAC file resulted in OCSP requests being blocked  
(CVE-2022-34472)

* Mozilla: Potential integer overflow in ReplaceElementsAt (CVE-2022-34481)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2102161 - CVE-2022-34479 Mozilla: A popup window could be resized in a way to overlay the address bar with web content  
2102162 - CVE-2022-34470 Mozilla: Use-after-free in nsSHistory  
2102163 - CVE-2022-34468 Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI  
2102164 - CVE-2022-34481 Mozilla: Potential integer overflow in ReplaceElementsAt  
2102165 - CVE-2022-31744 Mozilla: CSP bypass enabling stylesheet injection  
2102166 - CVE-2022-34472 Mozilla: Unavailable PAC file resulted in OCSP requests being blocked  
2102168 - CVE-2022-2200 Mozilla: Undesired attributes could be set as part of prototype pollution  
2102169 - CVE-2022-34484 Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-91.11.0-2.el7_9.src.rpm

x86_64:  
firefox-91.11.0-2.el7_9.x86_64.rpm  
firefox-debuginfo-91.11.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-91.11.0-2.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-91.11.0-2.el7_9.src.rpm

ppc64:  
firefox-91.11.0-2.el7_9.ppc64.rpm  
firefox-debuginfo-91.11.0-2.el7_9.ppc64.rpm

ppc64le:  
firefox-91.11.0-2.el7_9.ppc64le.rpm  
firefox-debuginfo-91.11.0-2.el7_9.ppc64le.rpm

s390x:  
firefox-91.11.0-2.el7_9.s390x.rpm  
firefox-debuginfo-91.11.0-2.el7_9.s390x.rpm

x86_64:  
firefox-91.11.0-2.el7_9.x86_64.rpm  
firefox-debuginfo-91.11.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-91.11.0-2.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-91.11.0-2.el7_9.src.rpm

x86_64:  
firefox-91.11.0-2.el7_9.x86_64.rpm  
firefox-debuginfo-91.11.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-91.11.0-2.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2200  
https://access.redhat.com/security/cve/CVE-2022-31744  
https://access.redhat.com/security/cve/CVE-2022-34468  
https://access.redhat.com/security/cve/CVE-2022-34470  
https://access.redhat.com/security/cve/CVE-2022-34472  
https://access.redhat.com/security/cve/CVE-2022-34479  
https://access.redhat.com/security/cve/CVE-2022-34481  
https://access.redhat.com/security/cve/CVE-2022-34484  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYr6VptzjgjWX9erEAQgSDxAAkuWv71TEBonOS/cdE39fjaqt8UvCGc+Z  
hIgLHFcUhmpHkJ/7WR5kfLk1KdNNyeC8IWxFM7k6RCnoHNhQlgdBbqRoit8aA5Zi  
JIub4cec/VfGUprxwAlsw5r9UjVpMK5nT3rhAqU64oA3UqmL+u3mh81WDh3HMYaS  
8oX+esI4257GiJU5Spag2yzS1LxI3xCq8dVrLrU1ULZ6xZzItV+4GGNCh/FTc77e  
fELLNt7pWUzoZdWFt37LfoJ14k75zzU9hHeMz3G0RTUDns1lh0Qo41ulutlzDW/z  
If0EjPDIZR7cnbOfYlV0ZKiBHEpr1keZzb+x1eJ7CruICagmrHcmtMC9hRTvUJ8c  
/0q3iIUQTXznN2FXt+Ducx1GNt67saXSW2YuaPdkm9YqyW/2nMzxDKUOPxkUjSW1  
Hc3ZcjE0yJkywkPV1yP1Yn+pRtXH6envmktTzOYZkIvS/eeT4ZdVFKgDqUaIaY28  
ZkxHskgVTYgRsAURlq+EEKD8Pj2gygJj/PhKrzSY9sCxQ8mFWfFaQnG4c2wIZW6D  
6Sigm+6HLr15pyATAfcuDvnZoiamqKq5FNP6hwQMcimyr9fbv8n3yXo6HexqDjl8  
8JGDXYACjf3W7qxXUbnehkagZxblA08dqydvv3dpDNqhGMxJ+ovE92lGmpLQi8jM  
6drZd1bInL0=Pd42  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js