axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. This vulnerability allows attackers to cause a Denial of Service (DoS) when parsing a private key.

*   Summary
*   Files
*   Reviews
*   Support
*   Mailing Lists
*   Tickets ▾
    *   Patches
    *   Feature Requests
    *   Bugs
*   News
*   Discussion
*   Code

Menu ▾ ▴

From: Xm Chen <xichi...@gm...> - 2023-05-11 16:00:09

Hi, we found a bug in the latest version of axtls(v2.1.5) when parsing
private key.

Here's how we trigger the bug and the error log from AddressSanitizer.

\`\`\`
./axssl s\_server -accept 15001 -pass abcd -key POC10 -cert ./a.pem
=================================================================
==436778==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6020000000bf at pc 0x5583a5a5a903 bp 0x7fffb8107e00 sp 0x7fffb8107df0
READ of size 1 at 0x6020000000bf thread T0
    #0 0x5583a5a5a902 in bi\_import ./axtls-code/crypto/bigint.c:631
    #1 0x5583a5a61912 in RSA\_priv\_key\_new ./axtls-code/crypto/rsa.c:66
    #2 0x5583a5a6d786 in asn1\_get\_private\_key ./axtls-code/ssl/asn1.c:299
    #3 0x5583a5a430d4 in add\_private\_key ./axtls-code/ssl/tls1.c:648
    #4 0x5583a5a3d21b in do\_obj ./axtls-code/ssl/loader.c:134
    #5 0x5583a5a3d0b7 in ssl\_obj\_load ./axtls-code/ssl/loader.c:92
    #6 0x5583a5a3a8a3 in do\_server ./axtls-code/samples/c/axssl.c:232
    #7 0x5583a5a39dcd in main ./axtls-code/samples/c/axssl.c:90
    #8 0x7f51816ce082 in \_\_libc\_start\_main ../csu/libc-start.c:308
    #9 0x5583a5a39b4d in \_start (axssl+0x8b4d)

0x6020000000bf is located 13 bytes to the right of 2-byte region
\[0x6020000000b0,0x6020000000b2)
allocated by thread T0 here:
    #0 0x7f518194c527 in \_\_interceptor\_malloc
../../../../src/libsanitizer/asan/asan\_malloc\_linux.cpp:145
    #1 0x5583a5a6cbbd in asn1\_get\_big\_int ./axtls-code/ssl/asn1.c:168
    #2 0x5583a5a6d559 in asn1\_get\_private\_key ./axtls-code/ssl/asn1.c:292
    #3 0x5583a5a430d4 in add\_private\_key ./axtls-code/ssl/tls1.c:648
    #4 0x5583a5a3d21b in do\_obj ./axtls-code/ssl/loader.c:134
    #5 0x5583a5a3d0b7 in ssl\_obj\_load ./axtls-code/ssl/loader.c:92
    #6 0x5583a5a3a8a3 in do\_server ./axtls-code/samples/c/axssl.c:232
    #7 0x5583a5a39dcd in main ./axtls-code/samples/c/axssl.c:90
    #8 0x7f51816ce082 in \_\_libc\_start\_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-buffer-overflow
./axtls-code/crypto/bigint.c:631 in bi\_import
Shadow bytes around the buggy address:
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 00 fa fa 02 fa fa fa 02 fa fa fa 02 fa
=>0x0c047fff8010: fa fa 05 fa fa fa 02\[fa\]fa fa 02 fa fa fa 02 fa
  0x0c047fff8020: fa fa 00 fa fa fa 04 fa fa fa 00 fa fa fa fd fa
  0x0c047fff8030: fa fa 00 00 fa fa 00 04 fa fa fd fa fa fa 00 00
  0x0c047fff8040: fa fa fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==436778==ABORTING
\`\`\`

We triaged the crash, and found that the bug locates at ./ssl/asn1.c.
Firstly, when invoking \`RSA\_priv\_key\_new\`, function \`asn1\_get\_private\_key\`
uses the values from \`asn1\_get\_big\_int\` as arguments without any check.
Secondly, when calling \`bi\_import\` from \`RSA\_priv\_key\_new\`, the data and
its len may not match.
Finally, there might be an out-of-bound access in function \`bi\_import\` at
line 631 within the loop.


You can use the attached files and the following compile command to
reproduce the bug.
\`\`\`
LDFLAGS="-fsanitize=address" CFLAGS="-g -O0 -fsanitize=address"
CXXFLAGS="-g -O0 -fsanitize=address" make
\`\`\`

Thank you for your work. We are prepared to provide more information and
looking forward for your reply!

Xingman Chen

View entire thread

CVE-2023-33613: [axtls-general] [Bug Report] heap buffer overflow when parsing private key

Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2023:3460-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3460  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-32206 CVE-2023-23916   
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: HTTP compression denial of service (CVE-2022-32206)

* curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service  
2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32206  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fmNzjgjWX9erEAQhwWhAAihPZFD+07+tsujy6vcmAJ1qHNNzZKtTL  
HPQ2qIJRrcIxoM2gnwhOnPWYYuO1yAUVizJUWe+xTDbkzQmzQYXprRpdwqcULqih  
ZSCNK1k8UGtERyUVbm9YyzGcVV+KHXvtQL7FkQFEpIwiCDtJCQoREa0fj2vEU4T0  
QwBzyvl8IuhdPH0O9Z0vfMRJcn5f1IA3qIeJQGyQbRH0DtKt+NFjlyBsu1B5uvp9  
VR9QxF13LsJD4kOpAZ/nklOofUYa+CtWTLAhnxmKSYqJcSab8+ulaCtGsoP4TQeV  
WowqvP7Tp8NN2XCGu5x/EwHKK3vJGGQWkbp14M+4uGTG4UY+qIdogRLSI2EFkaLV  
ndLLj1EtoIUw905g8fcvIlZ4MJmuO1lzMaTbLL/NHcqnBtkJXQToESHpg4tRpc2G  
bHuyAP5cC0DxAlNGBpfuV/Je9J+zqS/YqaoULsvX2UBBxI4sN/2rtdiNWvQxoP11  
GdH4lBszF9IWJGKWgh9AOsV5VK7gDzSBSPrsL3PWRv/BiYKt4iDMvRDYkpuEgeos  
rJ98VghY0K4pczvlHIs1/PboiqDDqLOLA5n/or7vHJm+yh3wfp1hr5V0QUo6ncYr  
/M9lvdqEWxRHLcmUd8a4OavTn5b1Bkv0vHqXK1VKMepCFN9uW1xB39lwsgNJuNDh  
XzXU/fx8IJI=  
=KCBX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3460-01

Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:3465-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3465  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: use-after-free in Netfilter nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Intel QAT Update - (kernel changes) (BZ#2176848)

* Significant performance drop for getrandom system call when FIPS is  
enabled (compared to RHEL 8) (BZ#2183477)

* Azure RHEL9 Backport upstream commit  
93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to  
uninitialized current_vmcs] (BZ#2186824)

* kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds  
(BZ#2188657)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.58.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.58.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.58.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.58.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.58.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fhdzjgjWX9erEAQjndA//UpRBwgHz32ghunmBO+fNfeWyHc8iYacs  
pblLL1XPHvdAIZQd/lNJ66EJt2GSNYOB1mLaem7ovXOFUpa/4GdKsFalxFSvyeRS  
msMDfjqt71Qa+iAa3u6+cn9GOgwjijUVjS6DtoMJzPNIIEViDEaYYVJNrxMyMVt9  
M+K/lETdq9SyVxXwWDQs47Y44677PJjGIf6rg8WPjgkZalEf94MxRLQ60pmM6AU0  
a77urCDLwioSGTxoJ5dzyPRxazJM+tqwWaZlsa37c0MB22yk9N+dIpmMhSU+yAPL  
OJQHxmCX3FfQkewlAq90Yc//zCUdmc/+XpUv+sBVOAcCuc3U9Mrhx7BY9YctUPNV  
V2ixlUEj2Rgr7b2boPJNWDM4lAS8WN4OEGcrpNbtYRHrNfS6+7pWcJXpO8s5S+ZU  
aUpRHq0mrWj7Vwew0YQFeO0l6dF40bWXAkvlWRfJyG2NQR6TGNuPDmgkxX1Kifbf  
+Xfsw/bljKkTSZajmiEjKC/0b6J8a2aeIsQZRTkf8g9OyZR6DJTNjdXd99Utwekb  
OaGpRUBoIottSNn1Su1jb3U+N85DBlGinAEEnfZVTur3GjO+o/Tx4bhgvm58WCy3  
t7OrMG0wh3Bx9W6QVnkwh374ejTkfsfN+n4mGnTiIWG1GiukbFSYYJuFipaGUcu5  
KKIPwXF9gSY=  
=sBr4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3465-01

Red Hat Security Advisory 2023-3462-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3462-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3462  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-42896   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV E4S (v.8.4) - x86_64  
Red Hat Enterprise Linux NFV TUS (v.8.4) - x86_64  
Red Hat Enterprise Linux RT TUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z17 source tree  
(BZ#2185910)

* RHEL-8.7 kernel-rt: INFO: task deadline_test:2526 blocked for more than  
600 seconds. (BZ#2188652)

* Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188725)

* kernel-rt: workqueue: Fix divergence from stock 8.4 (BZ#2209152)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux NFV E4S (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux NFV TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux RT TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8ffNzjgjWX9erEAQgyzQ//ePc2fU5umHOIMReDPuiaMY7szYylgtmi  
x2gO6L9pgdS9eveUQjsiBK4Clin+7MIX1RTa0Kr+QzC+VCo+4SRP85vE/WDXwEI1  
usJ23fZH2CUURcy38ejG7Cw+xQbFQWnhoFAl0s8TZbLAzKo4CNoVf0FtLrwGif/x  
KadeI4bpdI9kjnVqjdraIaUJeTGAaLH6oKfCBimgTudV1hpOYJF7nO7gnr2Jn9fh  
o1Wa5VXj+z33U6+l6SEVcUtCXRrWIpuwVa47Nan5vAdD5I3tQQbWhsac9AUWF5GO  
KJBdJl8hF3nEYtyQWWlgtg6wQce1WwQCEJBE2ZKjOjz/ppxE8+X9sZnm3GRsTd47  
CvtB7SiMlDAVpSPs6ILahXpQwXCnW0Nhg/Egs5K6QBtVGi1/06h1oSRKuToa6B+v  
0E6USqCbehmneZAs+SfwOcD5de4VmuVS1pCfc905eO+DdWWyA7Zfu6kofYlpxFCU  
+z/GUKj5xyMZgOV6TpJNDrmHuvaaoheNyYdh7kf9d5QYElyrBb/o0UinzGkNghAP  
lrcyKis3NsGxcH0kNkNt6k+Q3g2zLa42OdA7JxtgfoXK/2mpXHTeqxd2RuZrp87G  
qCI2oFQv/20OG6APwESBC0ae3ipF9sZA9do4Y1LrI44pdsBBif3TXBX5HGkmDhit  
VTe8HYqeOrw=  
=lylS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3462-01

Red Hat Security Advisory 2023-3461-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3461-01

Red Hat Security Advisory 2023-3470-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3470-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3470  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt-debug: BUG: MAX_LOCKDEP_CHAINS too low (BZ#2181286)

* kernel-rt: update RT source tree to the latest RHEL-9.0.z9 Batch  
(BZ#2186491)

* kernel-rt: INFO: task deadline_test:1778 blocked for more than 622  
seconds (BZ#2188662)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fc9zjgjWX9erEAQixqg//TKjSUs6S1BZfD0fAMLRlETm8X+zQSko2  
/0J2pHxC77zfwa4Tdf0vgCx9WDOzrZE8OQwPU7rchBIRLd/3LZyaVpw88ujtkO7z  
gmTE1EVBOrNrQF4UsZvvI1DhIIjHJTgyA0YZu6k3SnSJ3WCVLJvZoiFMMFJwE3BT  
qFZUe78WC/KwSM2sNsnyPiHEbkv5sIU/nCpHdf0CuriSNaOmf8vYhB5lO4w5+D3G  
pe4ebCa/urh0PRY9XAvlcneN6JhAhrGKerdx2U3M1JV2xLUi6GEiTUabQwaWsIeP  
pTOMQ13b2+0Dx2yGjNVGb4BiNczq1J+4xC2Y6agGhsrEjS25cTs/+VUIU7u55Z6v  
ekZXQqqszCWpmzbFtsPB2piRVswywCcv5C3H+PjIkwtb/ZXt6s0wf15EXubp70Pk  
nxWMI3bDuZKWGqV4QJ0WjCyv9ZrZ07Z/tz/x5+G7W8dsz5NYOd57QWVOH1N8abJe  
0BAn/wxLiovVp8SVXvFhv62HgD0jwWCm/2Qnnk8vUpz14o4WDhazki2n240fG/to  
Gf4V9+u59QhSJoqm15Wn8TdagXGtAJpoF4035uxIsDc6qitqfgUdr+/QKdS1DHbw  
dteCG6cCVXKsdiAP5sLoZc1TLIL7rsW24mKemHx/WA97wYdyfOq1lUR5YyvcZupy  
uaJN7YNDHbs=  
=rdIS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3470-01

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3433-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3433  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.38.5-1.el8_8.4.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54S9zjgjWX9erEAQik3A/+IpcsSu+L3IB36Z1OGQp+3Ub+9kJQ32iq  
q683C4Md3OK5k8MBLO2lry3iRwz++Dr6sYJnUkzgehxvDbg/EEjVajGy3XkOt4gH  
z4NLf9ANS6uxGbH4vAyh58y4eUCwcFDAmbQ4mls/vsCUj/nWLtYYwkPurq8UT0tC  
A2Wkdy74Qy6S6x9sPMFhjX6/IxLEbyT4zspxoV3w04Hkv8JhGGc6N48d7TZkc0wL  
ta8p2J9J2zs44MxpAOpO1CUemZouLDAGYIFZK0OuqiD4PGJO1zrKvpxklK2iQb8L  
Xo5E3AOeqA9OypynpFp3+/qM7kdLKkN4iGeh4OyyBF1d2/qfEF4yhy8L0ZB1Jngz  
o78+8uB01skD3lLsz+hrln7IF7WWQKClS2nLhiplTM+PRiwVU0OfaB4cX3aQI0CH  
uoO4846LV6GJssLUax9LsBVAu3tM4PeYvb1Ci0dScsvxb8MO+UFuqwYDRh76IJWK  
xYEmDYC6dgcDvnUbiky99OENpJZte9t19pA9x/T3oPYw//DkIBxL8oYqxPDfMo4z  
uO2NavUxK4VWoX/qPZ2cMEEDvAJH6EpSvzur0vX97I42+RKYuds6VuF2gifv5EeD  
7QKKK7zm2xdkMiJVMq5wo7tIPhud5miXU6QUXxD08EAf0KbSjlt6OrTViluaGcOA  
wjHPL3ZkmgQ=  
=cMOt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3433-01

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3432  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
webkit2gtk3-2.38.5-1.el9_2.2.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54RdzjgjWX9erEAQiM7A//TKXn2wpY6wdYmxPDnxde9QRSLmDWvzpQ  
0DDeU7as/ZzwMJkoDoBstFnj3r02GnkRpn5CCshiJK0uqQY/Q/4T3d+y0Co+t2lP  
6wm/v2wkpoSy3CrVIBoIrN93WTXpOWKqyNUX1e7TiPCfATtKiLQg2a9Qmcs6A7Le  
NYS5kdTYIVWsTy1WR6hcbAJozraUNXU60sW5XoViKoR5WsnsFfTXX4v06vhxnW6p  
NR6+I4FyrEtQNo2+UuSQ0eEBEmUaH11CnrNl1TzagKZm49f3nf112ef895GNgxXG  
pGthaReUfwQilgIXMqwv+ei24npA1X/t+RIpazzhUHXh9gmjiGaLMyrEuDpVAwzk  
HEd3R/B7H+lDouoSJbAJ5H0IuMyjOYUZ3Y3JBKhzMGn0ASdCLYX5zQUSzJbBWqsh  
qOU43YUQ3GyODM3qhrQkIzSicNUacYP/ysTi8Lm7nZmGTZdVvTHYO+iobfZ/cvGJ  
IjvjqwA7D0Rgp28fKVdfAw6BNEdd0fonPTZhMn1fCm45v7F6Bdc49khnASX6Scqx  
2ifRaoVupFGKg8uQ+BaYKrCcGlXfO2jj8P/41JUJfaerYMKzqG5HGR6wlplcOfxt  
eCy3c+ItcyacSYViLVq6/jB9ynrRV0gwjVPlOdV3eBgWi4JDsXMx4EQQ171g/ee1  
EnHoatQ58/E=  
=8Vmi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3432-01

Red Hat Security Advisory 2023-3428-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3428-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3428  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux  
8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH532NzjgjWX9erEAQgRTg//S+AGLsYC080CU+gk/O5Rc5n9kdqpmbCi  
iHEyADw4qL5n5m03dmgXVdcEQRFx8+GNjbs6kQhh8Jzhb0Ior8TdXwkw4htBtbvI  
N+vj1+tFoSkWGU6yUXRor6V2Cck1dtGm9wQHxVsr3hvTPKBU1zMELLl1r0BwkMiF  
dGLf23Z8T2iEp5FsOeQT/2dyMbuI7KAejntX4m1kNLcW3rgL2cHXqUlh1GvDPnAF  
M08f2meAXDd/PC4bJyn+pzAaO5laTg2JNY0djTatiRMDwl6RE6wznHgnEfPbAw7J  
52n2MERjaUIf9yRqG9yV6uVcjm06WF7bSIvYe2hoEQqE4y3TTdQY26Lvrolebg4X  
5HXe7TFHEJCu+C3FQk1SqvpgAezezQpxtKY9xdSnApO5mFLON68z97YZQt+B7pu5  
TgCmItBIdpgez7qkoqUf6iNAC/Mv4YT+lY62dMxE0eDjuzrYvhc+KbU4MbNHiHjJ  
Fx0TKzIWkjU5Vz6IWlTCBz13qfbsQ+9HtgRBClwiF7g8X/keWBWVxVe4mZMLLaRz  
uXdi5ip7ExDG1ALLd4TrcihT/zYlZK6Dwi1hZS9w4Tda3B2pH4tW9osnfq4xv+Ki  
RACA5RoL9j5qegbyfAD/Urz3hngixa8gMPZINHF0ZAkufjLZKh8bovzTsxIGTtDW  
bPKGGtQG5qI=  
=JdrW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3428-01

Red Hat Security Advisory 2023-3425-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3425-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3425  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
cups-filters-1.20.0-29.el8_8.2.src.rpm

aarch64:  
cups-filters-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm

s390x:  
cups-filters-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.s390x.rpm

x86_64:  
cups-filters-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm

ppc64le:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm

s390x:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.s390x.rpm

x86_64:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53xtzjgjWX9erEAQinZQ//e8C3UZz2YSdb+iZcCQkHvpAXS5G4OnnF  
+TDdAQ+fdNuXkMzQey2UEl8/h/0xyEJqF33gOlbgEtIAHNtNR2WP6Wk1HgGNZONA  
teCMda5qliPG0L8H/t/sgNqrWxhQnGE4LbKLQLTXn8Bq0sZhSlZyiSBK4wLxURjS  
Ospqc6yZYpceh/AxJeN8UPkZqWtPq1U4GEVBeb6fQJNPKsCCORCZ+tQYlZlarZJ0  
TnWtzFnDCiAzgck/BKiu16KT4MLGwAzyAGVup3fMcumSkNqvfUtrlNeH7aO4CYMe  
wBmUtKubwrcxQielC/vMwIAZ2F6kgroqyuYrIubUQ/+DvyySy9J8QZmKjF2gc5h4  
yGkrjJEH2tTjdIPa2RF+9oVAKd+MuWj6K2dn0C0y1P8T7903JLt3IV1CYJiO8/Nu  
oWQginskxa+zMwpCeoRzqjx7ZjGUv89MQoh4c4QyD3iWs1suDGFLFbuUGKaX/mpx  
WhIyqOPGFw6jAfWUmW1kbmIjMPNniKLAcxy8Z1tugHfONAgpImbR3DA1KPzyUmQ2  
zssn6Mzn8L10r3oyXPoVJzXhRinbgLjrEuW9APDZR4vgC+8xWfbAO46EBMmjTrsN  
cmDILmHdkpM1Re8/0B8a3DE+y9X2QJi8jVDM/3s+7c8ccdHOu+Re5fMZ8zbFvhQo  
kJ9fZbZQauo=  
=3N+S  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux