Red Hat Security Advisory 2023-4139-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2023:4139-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4139  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-32221 CVE-2023-23916   
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: POST following PUT confusion (CVE-2022-32221)

* curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2135411 - CVE-2022-32221 curl: POST following PUT confusion  
2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-devel-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le:  
curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-devel-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x:  
curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-devel-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64:  
curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-devel-7.76.1-14.el9_0.6.i686.rpm  
libcurl-devel-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
curl-7.76.1-14.el9_0.6.src.rpm

aarch64:  
curl-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-7.76.1-14.el9_0.6.aarch64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.aarch64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.aarch64.rpm

ppc64le:  
curl-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-debugsource-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.ppc64le.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.ppc64le.rpm

s390x:  
curl-7.76.1-14.el9_0.6.s390x.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
curl-debugsource-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-7.76.1-14.el9_0.6.s390x.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.s390x.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.s390x.rpm

x86_64:  
curl-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
curl-debugsource-7.76.1-14.el9_0.6.i686.rpm  
curl-debugsource-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-7.76.1-14.el9_0.6.x86_64.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
curl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-7.76.1-14.el9_0.6.i686.rpm  
libcurl-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-7.76.1-14.el9_0.6.x86_64.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.i686.rpm  
libcurl-minimal-debuginfo-7.76.1-14.el9_0.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32221  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwhAAoJENzjgjWX9erERi8P/2SDDRgrMlMpO4mXOQOHpnBc  
sDfOVF79svk3OP6kjP2zVTGOOVjsUneyROB9GWyuPPjXxJGVBPGibuAPWwD6ismM  
HSsoPAxZjFVJiaf8aoeJorDS/DNQbYV1pvUrhMqVNWgoobyMMFHrWMvniz+mBUve  
TquHFuWcu5/5a48KGtTa6fLZlnby5bII/saN1+gIadA57iTL+JNLf/6emT15LGab  
1JvQMg5qA5IiW2mzQFLdW/diUJSI9Kp1VZllAT6FenMlSVU/tZ5oaILvmRbnIBdC  
3UNZfrJHr8R3D/Go/7mtcxyA9w/kqY1JQS+hhepApZxxFa1x7sAWc7CjNE0NslqA  
QScUuV4lRiiXVCSERBYJ8r3Wd0yQ1yA8cKq48GDQLpBPMS62yeUANPGykBvB54MW  
DYj0EWmjwKTZQvnDrKczMA2g1HEIEoGsp84XgZu2xRX6V5uXKjFVTxJNVnPCOlt6  
67VZdr3D8LgE88+7ON7cEoumzk2i7mjZvO9KFioifb8vOll1zGNt0PhvSdNCj7A7  
eQKZRNiwM7Jq60uvX5Ej3CDR6ih+hvY0l/g5aQHhBwvI9OXAt3CotqivY8mZkPWo  
aZ97c6+XBqH4oVagM2ytYlV0CqWvlFOUROoTlM9uapBL9NYGG4/unbtMPQyX4y+B  
sCjCekvuX9Rj0R7DT/vf  
=PgSQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4139-01

Red Hat Security Advisory 2023-4151-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4151-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4151  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* perf record -ag does not capture user space stack frames on s390x  
(BZ#2207745)

* RHEL7.9 - kernel: handle new reply code FILTERED_BY_HYPERVISOR  
(BZ#2212672)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

ppc64:  
bpftool-3.10.0-1160.95.1.el7.ppc64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-bootwrapper-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm

ppc64le:  
bpftool-3.10.0-1160.95.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm

s390x:  
bpftool-3.10.0-1160.95.1.el7.s390x.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-debuginfo-common-s390x-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-devel-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-headers-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
kernel-kdump-devel-3.10.0-1160.95.1.el7.s390x.rpm  
perf-3.10.0-1160.95.1.el7.s390x.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm  
python-perf-3.10.0-1160.95.1.el7.s390x.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.s390x.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-debuginfo-common-ppc64-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.ppc64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64.rpm

ppc64le:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
kernel-3.10.0-1160.95.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1160.95.1.el7.noarch.rpm  
kernel-doc-3.10.0-1160.95.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1160.95.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
bpftool-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1160.95.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1160.95.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwSAAoJENzjgjWX9erEt6cP/1fkp69jI6fbByZXKQSjLw0f  
F+P+X+ZpO/+WFU2DSA8re83/9dRg0tJCHpQXSCnVqMdd+lvMqqXALldIn37rm03X  
O+x/InkmzJrnwhna5viIF/hHmj3q1n0P3zxqkv1A2sWXbD71HYQgTZUQ7AJ1xCQg  
J913u1Aq7CQv3DZgU30AhaYqFYubZCAIxOg093k1tE46IhaM8kaZ0+/YlzazBaeY  
o8yjkdl86qPxb+E+aEp01GfkWDVz2oKrjZzG5RH6pEnbbIcV4fg8xR14cVFAoMql  
7+Lwa+SMN/3x0S2yMQk5nXVoEm2m3m2OBHZjFj3GvYKJBrfrgbTb5cyferOImEqE  
mRNNxQpPeUQNQDlOAQp6uC0ODUcVoAWOT/CRqhP9zK2oU//yxv4l4/DkCJUQbQZh  
Y+PFt5SlFPdoFvy4dG4SfJoA8F9QfXJ7T3arjyrAikM0AS+tZ53wKTSTvvUbLWR7  
8yA/ICqMD7HMco9LB5CPEOyIyJTNe86EODzIQlzeCwi7h5uSSWfF/WNvXr/oruTR  
Nu6TqkO0NSw3SdkZlNjZR5FojxmGQ+FUff0Xd+jTEz4m6DgQMDIRXpxZ3eixBALl  
L26AUp/LirMgpitXCobe456SqbSDEXndP+rLE9DUbJ8PUrsDja0nnVQsePCYyFUe  
Kd+YqMTvBv9Q3TVer7fj  
=5yWc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4151-01

Red Hat Security Advisory 2023-4150-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4150-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4150  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z24 source tree (BZ#2212577)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.95.1.rt56.1241.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.95.1.rt56.1241.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.95.1.rt56.1241.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwRAAoJENzjgjWX9erEsIYP/AzS2OWYZFXkbQAPbhrpQUWb  
JKXU9U3LH4uXtY8MXapXRSDKGvk+a0zoXHLf8QpAd6e1RF8b3uOulMYsVH0iNHnH  
MVCgjza8bF5X2zY/dNnYpcWHUkJDYDH8neP0tJQMvFjJCmregpHyv8P/nSPo49EV  
ikG5kyRl5gbXdWf9Wir4cGAVTARMS+Sy8UkuyHeWhIctYBwfILx6yrgqiRx7g05k  
usGkBFLTZw0U9BiPHG1NrjlunR/ais6IwQS7qdFJ68C24ygc2c6AFCQAwMrl/XH6  
IAy/60x4EZTU0PVEVqub9ovkZAfaUFGeNKnQCJ0m/iANLV36htpi24KMtA4iQnck  
qsOHMRwywgVhJw1NNUGg1oeVJRlbd+wcehoF2kG/LZG6ZafaLO9H1bwZdGggtg91  
pYjEFlnwwOcTZlejfdbKCNPqtY7lxumihV7Y9CZnsE3maL+7BKrx/EHQlyYR4jj3  
ePsxQzWeuElpaOK+IcYGkPiuMJrwFOSjje0ZK67phdncZzdmEk1/RFpArfqO/Or4  
Ai0fCHk5zLs5VQ9m7k+Qxyv166g+0Ro+BvsIiTyhwnaKplrRgr2xbNXJkQGg/JpL  
BvMYvAkeBWFdtX27jfBZyrJGUNCwHHUEhm/KLDTONpycP8q7vPblrE3O/AAxI1oU  
h2MBryWZxxVJP4348IBG  
=eYzn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4150-01

Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4126-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4126  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-0461 CVE-2023-1281 CVE-2023-1390   
                   CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2  
Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time TUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: remote DoS in TIPC kernel module (CVE-2023-1390)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.2.z27 source tree  
(BZ#2209127)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2178212 - CVE-2023-1390 kernel: remote DoS in TIPC kernel module  
2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm

Red Hat Enterprise Linux Real Time TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-1390  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwOAAoJENzjgjWX9erE/bAP/13KpeTH0KZgRa34ZpWWaYij  
6p3R83Bz7WnamsjPzVV6PHS/EZ//KdZZvCoUwxHR5Vc8toKlg2BMwETpdWMVCtyj  
BZ28ZBc/rWjOrQLdnvuY+C5cIqqWB2zqQQKCQsXVd1xmsZR1WL2fFOLY/99YQrZu  
UyOvXPXvOrMFd2JNJVgfk0pjrntcO19Ql40gFQ3zT8LKfseWL4907MsIGfTgT4ou  
fi28Ckx/GUzPyvO6A0sr4EPfX93Ckyj8e3kX5UxC+70+jV91L4d0rGhkgPgiB9Xp  
iIu8/NqMK39ywywFL/RJpruWEdUkpKi6ahVGOeLW4Ph5PsgGTRsyPYfv3kN0Ddlh  
SWq1lT0KcHOo94fcfE9DD/jX8X8VIKJSMAFxjhhRlIuIQskDqAEMfVW+9PFAdMsX  
lEPtny2OHm7XLuo1Zei2XWJfS4/CR3Pdvsxbni3dNYu+VQhX5Ot0ZMtTxdflP3TF  
Ouc15lQxRdGZ+14x+2ZbqWTLqd3nzE0baU41X7gPv1wMWmjbkhgXQtxLLqsM2hyF  
O4z0kKsy9ePGxxiGMv0Lt63BKO3/y5NiVrCYpGApC/U88cT+qy2vBS9YVm5rZAc+  
0t3uyOiHFRITDGCP0+Ppjx33YAbX7e3A0k5DkkAkXfJCHJa1pDddRwdo4p5IlIh9  
lBmGBMSGy7/PZfhv++Aa  
=PBqO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4126-01

Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4130-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4130  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-1281 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - s390/smp,vdso: fix ASCE handling (BZ#2176464)

* After powerstore LUNs are mapped,  OS crashed and host reboot.  
(BZ#2179068)

* qla2xxx NVMe-FC:  WARNING: CPU: 0 PID: 124072 at  
drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30  
[qla2xxx] (BZ#2181529)

* iscsi target deadlocks when the same host acts as an initiator to itself  
(i.e. connects via 127.0.0.1) (BZ#2182095)

* Dying percpu kworkers cause issues on isolated CPUs [rhel-8] (BZ#2189597)

* Azure RHEL8: Live resize of disk does not trigger a rescan of the device  
capacity (BZ#2192345)

* RHEL8.4 - kernel: fix __clear_user() inline assembly constraints  
(BZ#2192604)

* RHEL8.6, lockd : oops on nlmsvc_mark_host (BZ#2196386)

* xfs: deadlock in xfs_btree_split_worker (BZ#2196392)

* Intel E810 card unable to create a MACVLAN on interface already  
configured as SRIOV (BZ#2203217)

* ice: ptp4l cpu usage spikes (BZ#2203287)

* Kernel - Significant performance drop for getrandom system call when FIPS  
is enabled (compared to RHEL 8.x for all x < 6.z) (BZ#2208130)

* Azure RHEL8: CVM patch list requirement-storvsc patch (BZ#2208601)

* BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when  
vma->anon_vma==NULL (BZ#2211661)

* RHEL 8.6 opening console with mkvterm on novalink terminal fails due to  
drmgr reporting failure (L3:) (BZ#2212374)

* ESXi RHEL8: Haswell generation CPU are impacted with performance due to  
IBRS (BZ#2213367)

* Hyper-V RHEL-8: Fix VM crash/hang Issues due to fast VF add/remove events  
(BZ#2216544)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kernel-4.18.0-372.64.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.64.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.64.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.64.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.64.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.64.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.64.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.64.1.el8_6.s390x.rpm  
perf-4.18.0-372.64.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.64.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.64.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.64.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.64.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIbBAEBCAAGBQJktmwHAAoJENzjgjWX9erER6oP9jnSN4MJeD96PCOQdmWUgdD7  
oiIComGT0rXk+KnSo/LkE147Qc6peJk2UMLKBXwLb0i36b7vXNzP4KldjoOA+JAp  
VIKHuCyUp50Ixh5CHgHU8iITRUKimyps+hGwmWYvRKE8XlEJ0r2Z3fcIRVopc/Zv  
xpqOx/EoPAwVOzLPH2A59uWT9YGuu3OFvxewF9bZTtT73E275vk7IUgBnZm4hr+N  
lAkk3Gs6BQ/6RFF8liY358NTjOPs80dmQWqHvl0cdrItqmGGtqwvAIzlQazOXn5L  
5iinMRAzwIQ0zG4tA+FyoVBL1pJlMZ6pTYNxBw0xCEx1BpfqGASp+aWvUHIS1POz  
lVJdggTb9IRWPrZQkYO2JooApTlciOdAtEg2cc6fvJtpGR5oMRfOMbIRC36F42kV  
XlbI9d1HyoxXsFvVEHCIaccAotmXPD6Wpn4FD9cxsGKRaRxUbtn+2KdDUZ+cIae0  
CXGb/JUnA7carkHzmtoXLqBxwXyFteZggP5QOHp20lmOP3MWwYe1JofqPkCQYAHa  
V0I+PExZcUgcyjgljJcAbZm+x3LUfjuWIS4Ipo8ofi2vSu4xtkh49pthuM4/WJAt  
gi++OcC3Enrsw0REq4AJMqn/nbCdsareo4p2G4U7SKmQIKdNXCGZs9n8omkKNazt  
CkLVI7SM7bFFIVZqN8k=  
=c4ba  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4130-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4138  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z10 Batch  
(BZ#2209984)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwGAAoJENzjgjWX9erEkE0P/jfzPJ5Ii7eIYAmKXZQdTSEP  
FpJp7cvUx+L4/B6h9WaPXz/qJGbBnLpqGcXn2RgzWkyJXCwVbM/MQat32cCBoyLZ  
pz4h3kUonDj3QVS43ytHwg7RNT1TTvu6FYoBNtzTIRHTEIfn3jUuh980liO0O/cf  
4jeNydlGB34mPtNaVgSRWFsPxvXjYJQORXS/0IQ2BZ9i1N6X7ifvOHLGTd8EbkBQ  
XMVLh67LDXf5RiPnMxYYNkzbzzGZkyTwjW+oNA45jJL2DxpE4au43VPQA+aelOpl  
TwWCxlMoGbOHy5ZTd6fSKmDU21kdXZEPg7gGv1IT8mhYMf5G6LAQ4+ZUjJFfGbSF  
hTsu6HY6rthOiZ/VS+PNeC6J3k+5sepaSMiy2Z6ZuJVzMYH0EJ8jKJBKi/xTOk29  
Q72doQDUnOnczQKpSAfU7vC9F6De3sDFXOzCcGuy/1QWV7a2xTp1EKPy63LT9uLy  
bY2ZnOxGRSomao8YyVlMY/JxA3PyTE6/RP+XSAT7PmfqwkxPO77FmOmNQ1mkSLLw  
w3UNIBS1kAz9096b8TKedxFif1ZWjNQI53/zTlAPnlF7pZuixb3Gv8Gieu1XQPz3  
0+fm59WS03bq+9M3tRA0zOaWEkqNF16ZoyLqZVqTStcQ/tz87EVXll2x4iapCKTa  
IDz+8UxDBDA1hw50cBcY  
=k9cm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4137-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4137  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6  
(BZ#2098210)

* INTEL 9.0 BUG VROC: RAID rebuild doesn't start after removing drive  
during FIO (BZ#2174890)

* HPEMC RHEL 9 BUG: acpi-cpufreq: Skip initializtion if a cpufreq driver  
exists (BZ#2186564)

* RHEL9.3: Update locking code to upstream 6.1 and further fixes  
(BZ#2187517)

* block layer: update with upstream v6.0 (BZ#2196175)

* rhel-9: Invalid character detected by rpminspect in  
Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208244)

* Trouble getting callstacks when signal has interrupted clock_gettime  
(BZ#2210076)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.64.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.64.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.64.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.64.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.64.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwCAAoJENzjgjWX9erEhgIP/3YYLK2bjhLKWvvRbMdH9gRU  
mWFTBr3AeiKs9tMOpcqe5JbI2nwy6M41Qi8Mdz1D+5MC+4Yx+NTLFLmYKbwdY665  
aO6IdgBXvkrEpVm3a4fjt4lFFa/66VsvzphmyduXKLGcMzHGShjGQpJZEHZYdpbN  
EiS7Z1rEGLExmxt9z5vLbhzSmfPTH9bMKx6JL6EBWyimA/OYk1uysfAjVBMe1q6X  
OS5VYobqY2HKj9+TT/cHe0rFZTK7q+9Gw3W3ndQ958p9yux3FrLgFF0oLdLiKwzH  
IZC/cR+ivRnzpxUZD3YDc5Vag3faQ2VmIdBLMEMY6oXwHBYZyKEsCA7oZ1Eh0uCJ  
nWYA7h7J0+CQiBSlo2DAv/pmsalLrOF4OJZ7kOVcXIS93EFjhZfr9zN+ap0A5y6a  
UPEpGGLa19PPYy3g17y27JvtsCoErDcYVc/3w7yS+NE/cvrigyBxNl8BZZyWcPVT  
ONN8rsrIQMA2LHgPygklxc/SHHRIgLEFJdKyuIc2Qc/wYS+XorsVfTmDi1WT29+H  
4k0c0syaR5+XHbfwTylaVXAmTO8+pI0zN9bePZkv2josDzhgwQMO9uPFlPpKZnq6  
rIrD2HZQH67vNdaM4i0RgZAJFiBrVsz73LlkEX5WYZ/UDsOdB62VLfqunuQuKmjG  
AXwX8eBFthNYpnnQVPSa  
=mkOj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4137-01

Red Hat Security Advisory 2023-4125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4125-01

Red Hat Security Advisory 2023-4128-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: edk2 security update  
Advisory ID:       RHSA-2023:4128-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4128  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-4304 CVE-2023-0215 CVE-2023-0286   
=====================================================================

1. Summary:

An update for edk2 is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - noarch

3. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for  
Virtual Machines. This package contains a sample 64-bit UEFI firmware for  
QEMU and KVM.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName  
2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation  
2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
edk2-20220126gitbb1bba3d77-2.el8_6.1.src.rpm

noarch:  
edk2-aarch64-20220126gitbb1bba3d77-2.el8_6.1.noarch.rpm  
edk2-ovmf-20220126gitbb1bba3d77-2.el8_6.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmv1AAoJENzjgjWX9erEFcoQAJTzG4roJ6kbvvqMOY2ghpO4  
IhSAfGvAf7Opuahtv+VqJcxWtcW8TVGRwaQlLWv70f8rgUUYJH7Ll3k3Wa76UPQd  
Z91cvsKKrh1XP47bPlcU5zVuNRxuqT3TLTeT9WeEyVxh/JkFBkuSkn36PCPR6fuM  
ii+ppKALwEuNlHT99ebAgL9tUVvUiPVPkvwmJBITxCqgTR3ddyDR+6V7fXrXnT/4  
UybIF6lv7l+N2yHI5u9vEsph9yb/qUFFWbC81NAqCjHe+Ko4aitAW2AZJMt4qWPb  
mR9+cJHyNf4+/fWxjJwlKjKoWNqSmqsg2MzwEng0qqTrlJ2DGpIEBaVXxjFDhhGI  
3LpGHNzipP9jD+QyPd1fqEmGdSuiWdf7UU7BA7uTvTqOBrowjxOiQbN+7/cn2+9V  
yg3Ik6KxTap2vesbTBoOZFId9Z1VPrMoOx9Cvz4atEjqlqBak4jNjnBe4kV52m26  
gIVgvmWxaXOd2L/X3nzNY3z9WpXnfYh/1gQtaUgopNBsVclX+GNT0leDIuh8LRVz  
c/MohxUqW/Xz9bbb90AqhUoxIQWhmZFcWxsmpORWALl18kssXHluEugNf5GgkA3s  
7DbUVhHEEK/vMeNteaI6tW8le5ik377DfQ4vFbyeJ/gR/fcfDTywL96hL3Mc2oaK  
+FUJnnzz277KjTWripMk  
=xPii  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4128-01

Red Hat Security Advisory 2023-4124-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: edk2 security update  
Advisory ID:       RHSA-2023:4124-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4124  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-0286   
=====================================================================

1. Summary:

An update for edk2 is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - noarch  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - noarch  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - noarch

3. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for  
Virtual Machines. This package contains a sample 64-bit UEFI firmware for  
QEMU and KVM.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmvzAAoJENzjgjWX9erEnOUP/RmQroGJmVsCj3/4cdhZz0OF  
0XblN1tcCVwjCy46hDtOKtRKbF1WOv4zUSgyO8FYEDhEljgMIVOI0RP3YkvH8RsW  
4IARJnAUmeHfzs13gLws1p38f8KCKpaCJNkZJIVeztuEWvZbRtwk1K3wJbF3IAoh  
0Dw008UwdO/B4bezlB+DOJCOyNynbKxxWMZjWUHJ9Wr8EYEySG3kIIx+odUxCKlr  
o19bMoHpsWs/BWA37/2dbZQJ6w7/p6aH6CcHl1WkMP+xG5xe/pQI8WpdxEqrkTFk  
DaVTAUTiPrNWRYZMrl1GBVfgQuKm3TSQb46Rrgw1QmYAV4JLU2iZgni2jtFSyixj  
j+epxHv7EcQpWiFQsoxpG41IkpFp9ARoBDbbMaAyzanl0XGQjf4izBOdcUURsbRY  
N3AgXAAi4L5xxFNC8H6ZYvHgWTlSmM2H+5mSKbD2K+NayDN0wxMq8yCLRcz6BUvu  
lCKbfXfZYuqsZpHGiajwfU5QwjY5f90MbKk/EwfQNuRr9Ft2kfZLDDWIq8Fjx3wo  
aMDX1G5ULVd0jQu49S+9h1radANpKEIYnd0x0fVdkdJBMtf0PaOmTy2yGErRNq4Q  
MOHOYCbE6sO2z/oRMCHrHNV2x8YL+9kWh90EtNktmSlZlWShP6lgfV2Clv/BX44y  
AqzlcmqwnUTe3NPG2XLI  
=LaDq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux