Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:3465-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3465  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: use-after-free in Netfilter nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Intel QAT Update - (kernel changes) (BZ#2176848)

* Significant performance drop for getrandom system call when FIPS is  
enabled (compared to RHEL 8) (BZ#2183477)

* Azure RHEL9 Backport upstream commit  
93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to  
uninitialized current_vmcs] (BZ#2186824)

* kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds  
(BZ#2188657)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.58.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.58.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.58.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.58.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.58.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fhdzjgjWX9erEAQjndA//UpRBwgHz32ghunmBO+fNfeWyHc8iYacs  
pblLL1XPHvdAIZQd/lNJ66EJt2GSNYOB1mLaem7ovXOFUpa/4GdKsFalxFSvyeRS  
msMDfjqt71Qa+iAa3u6+cn9GOgwjijUVjS6DtoMJzPNIIEViDEaYYVJNrxMyMVt9  
M+K/lETdq9SyVxXwWDQs47Y44677PJjGIf6rg8WPjgkZalEf94MxRLQ60pmM6AU0  
a77urCDLwioSGTxoJ5dzyPRxazJM+tqwWaZlsa37c0MB22yk9N+dIpmMhSU+yAPL  
OJQHxmCX3FfQkewlAq90Yc//zCUdmc/+XpUv+sBVOAcCuc3U9Mrhx7BY9YctUPNV  
V2ixlUEj2Rgr7b2boPJNWDM4lAS8WN4OEGcrpNbtYRHrNfS6+7pWcJXpO8s5S+ZU  
aUpRHq0mrWj7Vwew0YQFeO0l6dF40bWXAkvlWRfJyG2NQR6TGNuPDmgkxX1Kifbf  
+Xfsw/bljKkTSZajmiEjKC/0b6J8a2aeIsQZRTkf8g9OyZR6DJTNjdXd99Utwekb  
OaGpRUBoIottSNn1Su1jb3U+N85DBlGinAEEnfZVTur3GjO+o/Tx4bhgvm58WCy3  
t7OrMG0wh3Bx9W6QVnkwh374ejTkfsfN+n4mGnTiIWG1GiukbFSYYJuFipaGUcu5  
KKIPwXF9gSY=  
=sBr4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3465-01

Red Hat Security Advisory 2023-3462-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3462-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3462  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-42896   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV E4S (v.8.4) - x86_64  
Red Hat Enterprise Linux NFV TUS (v.8.4) - x86_64  
Red Hat Enterprise Linux RT TUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z17 source tree  
(BZ#2185910)

* RHEL-8.7 kernel-rt: INFO: task deadline_test:2526 blocked for more than  
600 seconds. (BZ#2188652)

* Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188725)

* kernel-rt: workqueue: Fix divergence from stock 8.4 (BZ#2209152)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux NFV E4S (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux NFV TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux RT TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8ffNzjgjWX9erEAQgyzQ//ePc2fU5umHOIMReDPuiaMY7szYylgtmi  
x2gO6L9pgdS9eveUQjsiBK4Clin+7MIX1RTa0Kr+QzC+VCo+4SRP85vE/WDXwEI1  
usJ23fZH2CUURcy38ejG7Cw+xQbFQWnhoFAl0s8TZbLAzKo4CNoVf0FtLrwGif/x  
KadeI4bpdI9kjnVqjdraIaUJeTGAaLH6oKfCBimgTudV1hpOYJF7nO7gnr2Jn9fh  
o1Wa5VXj+z33U6+l6SEVcUtCXRrWIpuwVa47Nan5vAdD5I3tQQbWhsac9AUWF5GO  
KJBdJl8hF3nEYtyQWWlgtg6wQce1WwQCEJBE2ZKjOjz/ppxE8+X9sZnm3GRsTd47  
CvtB7SiMlDAVpSPs6ILahXpQwXCnW0Nhg/Egs5K6QBtVGi1/06h1oSRKuToa6B+v  
0E6USqCbehmneZAs+SfwOcD5de4VmuVS1pCfc905eO+DdWWyA7Zfu6kofYlpxFCU  
+z/GUKj5xyMZgOV6TpJNDrmHuvaaoheNyYdh7kf9d5QYElyrBb/o0UinzGkNghAP  
lrcyKis3NsGxcH0kNkNt6k+Q3g2zLa42OdA7JxtgfoXK/2mpXHTeqxd2RuZrp87G  
qCI2oFQv/20OG6APwESBC0ae3ipF9sZA9do4Y1LrI44pdsBBif3TXBX5HGkmDhit  
VTe8HYqeOrw=  
=lylS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3462-01

Red Hat Security Advisory 2023-3461-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3461-01

Red Hat Security Advisory 2023-3470-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3470-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3470  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt-debug: BUG: MAX_LOCKDEP_CHAINS too low (BZ#2181286)

* kernel-rt: update RT source tree to the latest RHEL-9.0.z9 Batch  
(BZ#2186491)

* kernel-rt: INFO: task deadline_test:1778 blocked for more than 622  
seconds (BZ#2188662)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fc9zjgjWX9erEAQixqg//TKjSUs6S1BZfD0fAMLRlETm8X+zQSko2  
/0J2pHxC77zfwa4Tdf0vgCx9WDOzrZE8OQwPU7rchBIRLd/3LZyaVpw88ujtkO7z  
gmTE1EVBOrNrQF4UsZvvI1DhIIjHJTgyA0YZu6k3SnSJ3WCVLJvZoiFMMFJwE3BT  
qFZUe78WC/KwSM2sNsnyPiHEbkv5sIU/nCpHdf0CuriSNaOmf8vYhB5lO4w5+D3G  
pe4ebCa/urh0PRY9XAvlcneN6JhAhrGKerdx2U3M1JV2xLUi6GEiTUabQwaWsIeP  
pTOMQ13b2+0Dx2yGjNVGb4BiNczq1J+4xC2Y6agGhsrEjS25cTs/+VUIU7u55Z6v  
ekZXQqqszCWpmzbFtsPB2piRVswywCcv5C3H+PjIkwtb/ZXt6s0wf15EXubp70Pk  
nxWMI3bDuZKWGqV4QJ0WjCyv9ZrZ07Z/tz/x5+G7W8dsz5NYOd57QWVOH1N8abJe  
0BAn/wxLiovVp8SVXvFhv62HgD0jwWCm/2Qnnk8vUpz14o4WDhazki2n240fG/to  
Gf4V9+u59QhSJoqm15Wn8TdagXGtAJpoF4035uxIsDc6qitqfgUdr+/QKdS1DHbw  
dteCG6cCVXKsdiAP5sLoZc1TLIL7rsW24mKemHx/WA97wYdyfOq1lUR5YyvcZupy  
uaJN7YNDHbs=  
=rdIS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3470-01

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3433-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3433  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.38.5-1.el8_8.4.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54S9zjgjWX9erEAQik3A/+IpcsSu+L3IB36Z1OGQp+3Ub+9kJQ32iq  
q683C4Md3OK5k8MBLO2lry3iRwz++Dr6sYJnUkzgehxvDbg/EEjVajGy3XkOt4gH  
z4NLf9ANS6uxGbH4vAyh58y4eUCwcFDAmbQ4mls/vsCUj/nWLtYYwkPurq8UT0tC  
A2Wkdy74Qy6S6x9sPMFhjX6/IxLEbyT4zspxoV3w04Hkv8JhGGc6N48d7TZkc0wL  
ta8p2J9J2zs44MxpAOpO1CUemZouLDAGYIFZK0OuqiD4PGJO1zrKvpxklK2iQb8L  
Xo5E3AOeqA9OypynpFp3+/qM7kdLKkN4iGeh4OyyBF1d2/qfEF4yhy8L0ZB1Jngz  
o78+8uB01skD3lLsz+hrln7IF7WWQKClS2nLhiplTM+PRiwVU0OfaB4cX3aQI0CH  
uoO4846LV6GJssLUax9LsBVAu3tM4PeYvb1Ci0dScsvxb8MO+UFuqwYDRh76IJWK  
xYEmDYC6dgcDvnUbiky99OENpJZte9t19pA9x/T3oPYw//DkIBxL8oYqxPDfMo4z  
uO2NavUxK4VWoX/qPZ2cMEEDvAJH6EpSvzur0vX97I42+RKYuds6VuF2gifv5EeD  
7QKKK7zm2xdkMiJVMq5wo7tIPhud5miXU6QUXxD08EAf0KbSjlt6OrTViluaGcOA  
wjHPL3ZkmgQ=  
=cMOt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3433-01

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3432  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
webkit2gtk3-2.38.5-1.el9_2.2.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54RdzjgjWX9erEAQiM7A//TKXn2wpY6wdYmxPDnxde9QRSLmDWvzpQ  
0DDeU7as/ZzwMJkoDoBstFnj3r02GnkRpn5CCshiJK0uqQY/Q/4T3d+y0Co+t2lP  
6wm/v2wkpoSy3CrVIBoIrN93WTXpOWKqyNUX1e7TiPCfATtKiLQg2a9Qmcs6A7Le  
NYS5kdTYIVWsTy1WR6hcbAJozraUNXU60sW5XoViKoR5WsnsFfTXX4v06vhxnW6p  
NR6+I4FyrEtQNo2+UuSQ0eEBEmUaH11CnrNl1TzagKZm49f3nf112ef895GNgxXG  
pGthaReUfwQilgIXMqwv+ei24npA1X/t+RIpazzhUHXh9gmjiGaLMyrEuDpVAwzk  
HEd3R/B7H+lDouoSJbAJ5H0IuMyjOYUZ3Y3JBKhzMGn0ASdCLYX5zQUSzJbBWqsh  
qOU43YUQ3GyODM3qhrQkIzSicNUacYP/ysTi8Lm7nZmGTZdVvTHYO+iobfZ/cvGJ  
IjvjqwA7D0Rgp28fKVdfAw6BNEdd0fonPTZhMn1fCm45v7F6Bdc49khnASX6Scqx  
2ifRaoVupFGKg8uQ+BaYKrCcGlXfO2jj8P/41JUJfaerYMKzqG5HGR6wlplcOfxt  
eCy3c+ItcyacSYViLVq6/jB9ynrRV0gwjVPlOdV3eBgWi4JDsXMx4EQQ171g/ee1  
EnHoatQ58/E=  
=8Vmi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3432-01

Red Hat Security Advisory 2023-3428-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3428-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3428  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux  
8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
cups-filters-1.20.0-19.el8_2.1.src.rpm

aarch64:  
cups-filters-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-debugsource-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-1.20.0-19.el8_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-19.el8_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH532NzjgjWX9erEAQgRTg//S+AGLsYC080CU+gk/O5Rc5n9kdqpmbCi  
iHEyADw4qL5n5m03dmgXVdcEQRFx8+GNjbs6kQhh8Jzhb0Ior8TdXwkw4htBtbvI  
N+vj1+tFoSkWGU6yUXRor6V2Cck1dtGm9wQHxVsr3hvTPKBU1zMELLl1r0BwkMiF  
dGLf23Z8T2iEp5FsOeQT/2dyMbuI7KAejntX4m1kNLcW3rgL2cHXqUlh1GvDPnAF  
M08f2meAXDd/PC4bJyn+pzAaO5laTg2JNY0djTatiRMDwl6RE6wznHgnEfPbAw7J  
52n2MERjaUIf9yRqG9yV6uVcjm06WF7bSIvYe2hoEQqE4y3TTdQY26Lvrolebg4X  
5HXe7TFHEJCu+C3FQk1SqvpgAezezQpxtKY9xdSnApO5mFLON68z97YZQt+B7pu5  
TgCmItBIdpgez7qkoqUf6iNAC/Mv4YT+lY62dMxE0eDjuzrYvhc+KbU4MbNHiHjJ  
Fx0TKzIWkjU5Vz6IWlTCBz13qfbsQ+9HtgRBClwiF7g8X/keWBWVxVe4mZMLLaRz  
uXdi5ip7ExDG1ALLd4TrcihT/zYlZK6Dwi1hZS9w4Tda3B2pH4tW9osnfq4xv+Ki  
RACA5RoL9j5qegbyfAD/Urz3hngixa8gMPZINHF0ZAkufjLZKh8bovzTsxIGTtDW  
bPKGGtQG5qI=  
=JdrW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3428-01

Red Hat Security Advisory 2023-3425-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3425-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3425  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
cups-filters-1.20.0-29.el8_8.2.src.rpm

aarch64:  
cups-filters-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm

s390x:  
cups-filters-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.s390x.rpm

x86_64:  
cups-filters-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.aarch64.rpm

ppc64le:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.ppc64le.rpm

s390x:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.s390x.rpm

x86_64:  
cups-filters-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-debugsource-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-devel-1.20.0-29.el8_8.2.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-29.el8_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53xtzjgjWX9erEAQinZQ//e8C3UZz2YSdb+iZcCQkHvpAXS5G4OnnF  
+TDdAQ+fdNuXkMzQey2UEl8/h/0xyEJqF33gOlbgEtIAHNtNR2WP6Wk1HgGNZONA  
teCMda5qliPG0L8H/t/sgNqrWxhQnGE4LbKLQLTXn8Bq0sZhSlZyiSBK4wLxURjS  
Ospqc6yZYpceh/AxJeN8UPkZqWtPq1U4GEVBeb6fQJNPKsCCORCZ+tQYlZlarZJ0  
TnWtzFnDCiAzgck/BKiu16KT4MLGwAzyAGVup3fMcumSkNqvfUtrlNeH7aO4CYMe  
wBmUtKubwrcxQielC/vMwIAZ2F6kgroqyuYrIubUQ/+DvyySy9J8QZmKjF2gc5h4  
yGkrjJEH2tTjdIPa2RF+9oVAKd+MuWj6K2dn0C0y1P8T7903JLt3IV1CYJiO8/Nu  
oWQginskxa+zMwpCeoRzqjx7ZjGUv89MQoh4c4QyD3iWs1suDGFLFbuUGKaX/mpx  
WhIyqOPGFw6jAfWUmW1kbmIjMPNniKLAcxy8Z1tugHfONAgpImbR3DA1KPzyUmQ2  
zssn6Mzn8L10r3oyXPoVJzXhRinbgLjrEuW9APDZR4vgC+8xWfbAO46EBMmjTrsN  
cmDILmHdkpM1Re8/0B8a3DE+y9X2QJi8jVDM/3s+7c8ccdHOu+Re5fMZ8zbFvhQo  
kJ9fZbZQauo=  
=3N+S  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3425-01

Red Hat Security Advisory 2023-3431-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3431-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3431  
Issue date:        2023-06-05  
CVE Names:         CVE-2022-3564 CVE-2022-4378   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
kpatch-patch-4_18_0-372_36_1-1-6.el8_6.src.rpm  
kpatch-patch-4_18_0-372_40_1-1-6.el8_6.src.rpm  
kpatch-patch-4_18_0-372_41_1-1-5.el8_6.src.rpm  
kpatch-patch-4_18_0-372_46_1-1-3.el8_6.src.rpm  
kpatch-patch-4_18_0-372_51_1-1-2.el8_6.src.rpm  
kpatch-patch-4_18_0-372_52_1-1-1.el8_6.src.rpm

ppc64le:  
kpatch-patch-4_18_0-372_36_1-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-6.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-5.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-3.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-debuginfo-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_51_1-debugsource-1-2.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_52_1-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_52_1-debuginfo-1-1.el8_6.ppc64le.rpm  
kpatch-patch-4_18_0-372_52_1-debugsource-1-1.el8_6.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-372_36_1-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debuginfo-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_36_1-debugsource-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debuginfo-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_40_1-debugsource-1-6.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debuginfo-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_41_1-debugsource-1-5.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debuginfo-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_46_1-debugsource-1-3.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-debuginfo-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_51_1-debugsource-1-2.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_52_1-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_52_1-debuginfo-1-1.el8_6.x86_64.rpm  
kpatch-patch-4_18_0-372_52_1-debugsource-1-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53ltzjgjWX9erEAQjL1A//SXtOUNzylRkLiafG9pFKnIdAzNlLG/Fy  
9sieWb7ffaXBYe3uty4JztqZE5a8kXylXVxvGexKq8PwrNhA9WIGo1GqbrZ0T+CF  
4ycGhbr+DXyHaNvXFIdnj1e1v6jrGlNdFbofmEQ2lQ/FpbaCLvmV1E2Z95dIIa75  
Usvf8mt6kDPP4NtOlGucrUSqBId6SleAnNjI4i3Itt/K35ErcAjsx1dLmjcpy7wX  
VdSj75kFiJv2iknwy0IfWyEnXmbFpH9rw9QCoy4804m6Q8ldqgj/C5+HKF2wkkjx  
k7UvAbQtQhpUiGKDmGEU1iXTrW7gJXPwpj6r+HpXgcnzxl0pn6pdA1l2oVZaExQY  
Ak3dwPeR+XHmRdnt7XE3osxvv5xNBFitdfVdq0Stk578PvUT0/IzKoKydaAzgFJb  
6hR7g+ab7yHSbUCaZoRgMfVPopPkYE6qLxfH4pEOjc/Xf9EGyJgTVIObZgigcKqI  
3OSkwJ4Db+h7VZlIZqpxp/e72DXT3CaihXLxgPLhGBxhz1xlOZrxZLjWyVR7iQw9  
wb9U2zBVxOYHryw+hoBMDgqVZcriwXWjV0dW5ExpJEU6EwXiw2+Ge5Gc/iy10zZP  
JM1f1H0xIKoA9Xufvl6MtmHzHpif2hSb1PJ+wV/M+MPo39FBMbujo0fx+111LHdK  
vWX7iHWwHCw=  
=yZd1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3431-01

Red Hat Security Advisory 2023-3429-02 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3429-02  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3429  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux  
8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
cups-filters-1.20.0-18.el8_1.1.src.rpm

aarch64:  
cups-filters-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53jtzjgjWX9erEAQh0vg//UBqwZMmzLAZt1mOBI3HSkj041LcSFG7w  
s70FPF3/KUdtxYcZvwVLWt4J4HdUSXIfgh9hY1ZLfOhbYtRmel32GWUAqM6RK1nX  
U4ZXwDF+wSF1bxyybzMnCRUFifHM6ACNfqZUxZ8GTy7zG9r8LAN0k76y5DxfmiHg  
RJFowO6p4aCQDPqU1X0GxFre9D99YSrhMKeefzF0cmFF1QPpdWPgRIy6pkzJ+cK1  
WG1pF6c+/F6RrubW3nyubLFkMnlLe6/KAgG5pub8iuGpUNqC0EF85hOnigA8S6qH  
3XzVBAz52WIErT69CHTqv+c/EIZJNME69fTDNFqegwOzCu8sCX2iXmaaaMF21okf  
NoJqS5OeizkKMndAwMPAp4JxNg9n+HNDrfLTDsdVkNJi8TBYh4ODzJEgy9WWciwB  
mxp5lFtzHDt4K/4HiI74FltUPK3LhtS8c8tRP9f/BCBIIMmdi/Fvhta+RgKinoLP  
tW3b+/oO4Lqmat16YzsnjQsCSkowxUYPdKwOtlXN1q9fH2O7G8zeXPB2fewGyyoj  
c/qn1sO4iTEiB8CStxStNIqjIjux4O4qNmPbZN9iLwRZRo/1DT/8Gzz1aFRiJdQo  
31wetgcMa+kdiYQcwl5J6BXFmJsfIW6FQ3hxgiF0fzcaMKApbz3+sBfSj+BiPAEX  
vAPD413QGSM=  
=n2OG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux