Red Hat Security Advisory 2023-3155-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3155-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3155  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.11.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQgLGw/+Nms5Ev0EIc+b4UVd1YnUR5FFjvNXquvt  
WR9NpsXrjMMjQQ5kHZCcvSopeWsWA0G2uCa7vY/8MMCQvXU+8gN1J1QaqbAsIQmK  
azKRn5B1pemKMW98XyxnOO9J6u0N+zBrLnLFYTuWVPZwTqZjRJ+MIv2cMQM3vM+2  
1N+5ElLTNVzkExNBro8ylOGZthcAqAMVYXpf2hDW0JZoToJA3toMjXwdjiJcewmg  
VSFi6iM8KaYepUkwDOPRg/GyzTd6mNe+kaLgLHs46Z3CN8pT3r05kftHLF7Qh2Ua  
qIpPRjqW9I88YFRF1dgxk45I6CcGDoCTDjWYW8c28nOKO9Ntop/XqIZTyKjgZjpW  
DKINKnpru38Xn9+ilkSLL3MI3FQMcI/3bZMIFH/BtiQbu4pPiWeysmP2BiRP8sRm  
I1D7mcavFG5o3k0xnW8/AwMx2es+4TuQnIXz70b0tW/U8TrbW3HWWtQA3Sba+nHe  
zF+AoMjJ4UxlPY0EE1EQ6/M0adp3niumP15Xy625ywXdN4toyra1MBsBqJcx3AiZ  
1jyK1TTgzMCBkftw/96ojdGTU5JiFfHSb0l4uONykI1sw79AhmzjFvrC1xn5L4Kj  
k1V4jhsLx74BWG7++TGwUyxkTXSucu0qxHtAv7KhxmiELs/9qVt58zA+p3wjO/z4  
RF3PcjF94kw=fLdi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3155-01

Red Hat Security Advisory 2023-3142-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3142-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3142  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.11.0-2.el9_0.src.rpm

aarch64:  
firefox-102.11.0-2.el9_0.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.aarch64.rpm  
firefox-debugsource-102.11.0-2.el9_0.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el9_0.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el9_0.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el9_0.s390x.rpm  
firefox-debuginfo-102.11.0-2.el9_0.s390x.rpm  
firefox-debugsource-102.11.0-2.el9_0.s390x.rpm

x86_64:  
firefox-102.11.0-2.el9_0.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el9_0.x86_64.rpm  
firefox-debugsource-102.11.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiRXBAAiVIUbn7dOf2NutaLOvipz864YOInXgvg  
DBBWDy4c5i7SlkDPst2YcxDnhKv4k9aj9HUDcNEL8eYgSR6l7brPPj2SSMQdlfCe  
gc0F0E6kHqPzkZ8EO4OCjQHUCfYYKlHRWCqCXRpYYCL0At9XZsk2Br1NsSqnRk3H  
lh9uGVrq56NJcJwjQHKVDrN/jXTDGTzPgqyLMmIUiVh5eTipYnkisRIEAjhRK9Rz  
MDeoIBdywRk6W4uKpNBtj2Q4CdiHJ2RNTjFvtdpYzxUqCdRp1/9G7hz/LRwR8Hnc  
k83snO3fALH46af/hLFej1GZir3EhpG8zJMkOqxtivGd+ly36Ba1iEOeodUxYGh1  
ebjmdj2dGWsaedhxwMy2hDWMoVjXu4629VpnuSJdsxptTxraMGGkyZB0TRSMAGEZ  
NiXXLEUGVWqgq8dOii4vefq75IzSXGUwPguts0jUpxLJG2RhA1M+Uqu0UH7MPdOB  
UKGu+mW5eRHBs62v8ntu6kG6qMw4LpAKAX0Yc/2vBsqJqMaXjoHN5tmrl9oUQKvj  
7FtoaTGl+2RF9zLKUi2LSeQrTws92duNWomoAY8DC6ks0PS0zmLXi8OnX/PLIl6q  
zGo+wLaUqOv+lZmSYx/r58e1pFQoaHvsbPO1yy49s8mUlXS18HmMDVyraiBEnMsC  
6uKZMJvihQI=G9dm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3142-01

Red Hat Security Advisory 2023-3145-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3145-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3145  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

ppc64:  
apr-util-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-devel-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-1.5.2-6.el7_9.1.s390.rpm  
apr-util-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390.rpm  
apr-util-devel-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64.rpm

ppc64le:  
apr-util-debuginfo-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-nss-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.ppc64le.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.ppc64le.rpm

s390x:  
apr-util-debuginfo-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-nss-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.s390x.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.s390x.rpm

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
apr-util-1.5.2-6.el7_9.1.src.rpm

x86_64:  
apr-util-1.5.2-6.el7_9.1.i686.rpm  
apr-util-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.i686.rpm  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-devel-1.5.2-6.el7_9.1.i686.rpm  
apr-util-devel-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-openssl-1.5.2-6.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
apr-util-debuginfo-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-ldap-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-mysql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-nss-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-odbc-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-pgsql-1.5.2-6.el7_9.1.x86_64.rpm  
apr-util-sqlite-1.5.2-6.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQX0NzjgjWX9erEAQgRyQ//dcncRu48Jh6moW96jAzVAd5aO1+ZC04/  
o3sqB/de75bp2ISpOCKFsTO5iRY8q4O3pXM5ZBXpVvOmnCfUdBfZDYqrirp0EJGJ  
cbC+p46UdjV6VltZVjK10BG6D2YozMLtyMOOvK4CMYhqlbYRkznkzCsY8CFayANU  
bbBwkDSPFhpoVZHrnxBkXa0jJM25Bt4DD1lmrWsBI46J1Y0PQOdRo0r1gC7jX+EP  
tP1GDnAwdN/e70/wCuehr92Y+idv8Ngbsc71pt0siWh3A3kgMIHy6+QZiZUWW8Zo  
koUSIL9YEgCQ70TAdOSqH2P4Gq2g9CzA/NyB1Kt+AFdpkV4Q+SWrSVbommhI/BeY  
zV20beFPZ+QAS8ddPl/GKWPmpGsTakDIkA1dmo8y7F7S4AXDk8zFqOt5yu4i6e0j  
GL8DHm3mIE2N4DJRFb8lLJ2QN9QQDzlIQg/v3hw+6P8dEiZb/ajh8H92zwlmoH/r  
W3UWyym5l3OvnEFIGqHPY8mBodZhYp/F7WfgsFP2hxjwWuGcpwUW2MBZ0PbIB31l  
Wrx6nJoHMV3tgGEkEIZ7IjRtj/JEP3/y+rFa1GNtp+/3KLpx+fgHFcIg7ESz+h5Z  
1vkti/h/dqn4DDuJ24z9yuSYX8TtRPk0oQJC5twRJHn2zfAdc+z/lgH32USwImTJ  
vgTT/CsNs2s=+nCK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3145-01

Red Hat Security Advisory 2023-3152-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3152-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3152  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.11.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXiNzjgjWX9erEAQiHWw//ajvOZcTDGCJ+4O4WOLrInKQl1QUrneko  
4jfE8vi/IOiFFEvdl8oGYj1rROVVBmsR0R1hesHm76AHcCvqXcXQJNRx3k2zFkFU  
VFwkBFq4kkdmdAM08ZVY/oRz6BEqJT+yD4HxkIXwSi32U8i/bIl1W+g8Pw/2a99W  
lbwnoGPbnKMBDtQggpiSFVhDDHnamUkAVYUj6R2v9Q7BwFA9Hm4ir7+6/jbNUzZG  
jM3wllzLPp1Lhi+KzQosL09SKQPJ2rRbc4seBLTRFFdylu1qt6zB/qa+VHbcfByn  
mnVHnN95tj4DPhOxEDC5jfCKOC16+bXSK5x71ClaCjf6DwIqy6zpPredt1HMxB/U  
Q6oxhiMn9+N4/zoslO/5SpbPGibPQ5a+aiHHOlEY9LNlckKFFjxC1LnKxwV0pomV  
JPVtS1sLZuHpUI34hHDid9auwoeqzKEFEcJAkqtESXOHN8BhvSZfP5yiDbm5mKu7  
jHphcOvxt935M8pEc5zYHOumcKCiDD8Wug2TlGL9WNZglqKw03NRxDFIaFy0GMLX  
h2Zg4tts+2zgOe2ESYb44S0m9v4273eSgyMflbY89eFYnzTGdswiAr30cVRDnyvR  
L2Sn7eyNIeK73/OcH4btiuAEC0EXw/o+YKDk5GnDPNvRHp9nqvL6PhT36CX3wO4R  
0NGifNvNLUM=Noqz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3152-01

Red Hat Security Advisory 2023-3138-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3138  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-102.11.0-2.el8_1.src.rpm

ppc64le:  
firefox-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el8_1.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el8_1.ppc64le.rpm

x86_64:  
firefox-102.11.0-2.el8_1.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el8_1.x86_64.rpm  
firefox-debugsource-102.11.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXc9zjgjWX9erEAQgQLQ//WDSrnqY65X9Z7UuItp6kvlGnIVeIplBE  
8AnuFdw9Np9RMRD8HfuUotRbFCtqiv4N/hUiNIKsfIh4R9lydALWZDlgIrjzPOLY  
KZXjs1JVJcqNcCKZxpCLxyamqR6MIqetD2HkcxrApGWphPRsYnvSmwKaHggAONw/  
DpRHa6VyYlA3BFT/cG5zwnNz9HVAl26aEIo0CooDdNvAYzv0kcjSO/pgC/Zrw4OG  
hnSfSDmVfWQedc9v1UqiAbQUsMfbN8lDj/c1T89laGyZZIJe5h5dG+lOVDdpAOSF  
XTYY595TouGFrcx7OBXRJHTAxxBaNwbMgfQExfDKKX3GRQ9LLbNcCC4wKhcM10Gj  
j4CFBnBQIK5ktYV+hCofPjLZuluF9tQxK9rmgFbttl0dNghQUOAZZ02ZEzsstdzQ  
cap9ZeJHUEuABrBepJH6jBgXyj0Ih2vKyh+0EsF+uhmoCSe6i48vwxWZs1Ns1HGu  
8Wl2jQ2DV2gsQTagPBtDRRALD6iNuvS1ukEQ9a4/m+f4UnrvqP3FIDvwH7kyA8j/  
xZ+aTatzqvDmyU8ObhyNXAc9SIJ2uU1B2oIP9gEi2w65q+VAG0nT1U3ujtFTZHVp  
2v0eKPKM5Sj0KKMbyZsrp+9Ay9YQ7/b+Pk4QBJsjnNOBBINsFRZc/1ToDGQwsoqB  
M3/zADpjqCc=Y/u0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3138-01

Red Hat Security Advisory 2023-3147-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3147-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3147  
Issue date:        2023-05-16  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
apr-util-1.6.1-20.el9_2.1.src.rpm

aarch64:  
apr-util-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-devel-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-devel-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.s390x.rpm

x86_64:  
apr-util-1.6.1-20.el9_2.1.i686.rpm  
apr-util-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.i686.rpm  
apr-util-debugsource-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-devel-1.6.1-20.el9_2.1.i686.rpm  
apr-util-devel-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-1.6.1-20.el9_2.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-20.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXqtzjgjWX9erEAQjKfxAAi9nkw6scvMzD7KVjI2+BZrNp2RmTLuhO  
Gc/m7y7+XV3ZE8tfMb2GdjvTvR6/p9V/J5LX7/hBQ03/EIVjNmv5IbLi4bDsBw2e  
yUpQk2SOdZNhFs7jKeEMHq6fgkYxkeOWLkttH19MZmNv8n8I9X8rQl+KHtUPJ5HZ  
fYtm+oV28kQFkbGIHErZ094KsJKc0Dqsvypf+ywDDXaCqwiK0FU541GWNFiCB7kz  
ncKd6MsZla/az/+vu9dOMrZYTu9bfiEL0smI8XfXwpdo1xC+XNmkNlAkSq2e3paw  
rWhriq3P2Fstjp5Fuz6TksV8b4D86PdP3b2d3VcHHdfnZnMfNy+oYtJoPxo/krJ/  
48SY0BbLgSGRgPeUTjwCh1RUaR9BfIys02TuTnoi4ORKCvQ96Rz2bMlwk+Cdtm6V  
DHbgKn11Morh8ge2myVEOfqaDzAIhLQdLMe7d34fQdKqmQH1A60fCwkQvyUC7BqR  
LLzX6uJUH3hUHmFS05RxqfPu+Bwjp3DYn8+G3pGBLs3hKZqEHVy6ObFQx44Dbuc3  
HLFVizZddN8nDqnBP9VGNdizEnDOKhK5XclCzR58JHTQJzgsvNdKX42N/fmSF4vm  
6256481Doepc67tjtx3bw6vstM+hq9s97Yq7gr1TDR9oTrVZiS6Han7eWK0oSrKk  
ptqJa8LgcIE=yPCQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3147-01

Red Hat Security Advisory 2023-3151-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3151-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3151  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

ppc64le:  
thunderbird-102.11.0-1.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.11.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.11.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXstzjgjWX9erEAQh50A//QFlGYqgaEPQsSggYbY2ENj1xRZc5kyVM  
iuNxOCUKQksfBnbz8dFKlZCsBT1+xXnhtvUEov/gViXEt19j32aOUcBsAm1Kd0W+  
Sc5kELdH+zDNuxsMctfFiqrKB3WWwlqec2fll3I9q0YOcrQP8Tr1PkL7GnZK8FUn  
JsyGGijvorIgQ+bAsQDai4xD5EbZRqDyVq8l7rNGz04q1ojYdTaBTCWZtJHUJx+k  
31t0CpGJXE0lbAcPnoApLqFvkU6yW07xckSohXg8u0GHInaz6N7Dz9Um5WAazaIk  
4GLsZZq3pIjW3lvIbQ1FKW5M/+wBINGfDdpC+g+Xeca+fFe8zQwD4KoKQ8bph2OY  
uq3Y9AtHGP/Ngqc3DFJ8hE/bvBvXEvnlTJAb1UhZs2vz33ZU6v9f3HnFvt+Ie4Ja  
xSkstW/AY7YtVnPwALo3SeAgZl4TWeOPbYl8f3/BRPjlvp+kF88C6OeqUWDFyRNH  
CyS9UZlrFSz0ua4fyb3cziZxrXW/eXttlX1Scm07gDoJ7uSB5pggAjgjHMz1dQJN  
87/InHqFfk35zpsdJR6H1/taLc7fEGzasdKIYOrV36HTebRLvx77z/6rkCGMSmeP  
vdbWVwH6bpIGa0yKVWGjBg+lwv1xoiCxgoCRqlJXJ9Qm2bgweJ55HVdS3e5w8Q9+  
q73Lq1N0xjwNq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3151-01

Red Hat Security Advisory 2023-3148-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: libreswan security update  
Advisory ID:       RHSA-2023:3148-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3148  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-2295  
====================================================================  
1. Summary:

An update for libreswan is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the  
Internet Protocol Security and uses strong cryptography to provide both  
authentication and encryption services. These services allow you to build  
secure tunnels through untrusted networks such as virtual private network  
(VPN).

Security Fix(es):

* libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise  
Linux (CVE-2023-2295)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2189777 - CVE-2023-2295 libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libreswan-4.9-4.el9_2.src.rpm

aarch64:  
libreswan-4.9-4.el9_2.aarch64.rpm  
libreswan-debuginfo-4.9-4.el9_2.aarch64.rpm  
libreswan-debugsource-4.9-4.el9_2.aarch64.rpm

ppc64le:  
libreswan-4.9-4.el9_2.ppc64le.rpm  
libreswan-debuginfo-4.9-4.el9_2.ppc64le.rpm  
libreswan-debugsource-4.9-4.el9_2.ppc64le.rpm

s390x:  
libreswan-4.9-4.el9_2.s390x.rpm  
libreswan-debuginfo-4.9-4.el9_2.s390x.rpm  
libreswan-debugsource-4.9-4.el9_2.s390x.rpm

x86_64:  
libreswan-4.9-4.el9_2.x86_64.rpm  
libreswan-debuginfo-4.9-4.el9_2.x86_64.rpm  
libreswan-debugsource-4.9-4.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2295  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXfdzjgjWX9erEAQg9FRAAnL3tJXhK6Py6sym5OucQPBi1bA4aPUEm  
tLHxjGDD9c1AVS5lZlPwhOQ6Djf2yCxyEZ3tdJszsYTMgutyaAlZlijy4u1UK9Fv  
EFWpApuLTx10urf/ClchWW1FQTcCvl0uIUO54oMb6FRbVkQZQaWBb/Quk9TCXDcK  
nbQydTIm0mG3e4kwIQxi65x/RHMr5n4Bs3EVQbO4AYD+BXFUhT9YS1a5tjVygS3h  
V1+X9rXIghLVCHmsSAoExuUn+rVtSZJOWKdhaRotJ42FjXVxfSDQHq+VWFbNXagb  
Eryx8XeouSfbZBXH77vlveyJLRTHl9Ke5RYq5sICJqOsMkeYSWZSfXPDxIEtzyx1  
ZYQa8rTODujUP8Aoe3P+XgP8qPCF+xAQyvVe3eSO88oIzAVXgoa5T3iqBT6di9N5  
KQh4GY0jyswrA2bcMcIZaidK+qeN1KGEmv04w3dB8rZ9r/+jpiyN8hKYUMHOs1d8  
qxD44kWpn48OHJCSBetjXEu+rXJewBIWfd5Duz5JIIg5MwlW2okWoh6+Nnt5rIrw  
chtHnNIpOfIxhTpI94v8NIFCtOP1alySY64RNLBDdHyKRKR7jlgIVd7zgjC3qCCN  
UZbErt0E31icaQc5qATzsy6jId0jQXutj596mNEYVlgTOTKqw4w6SXy9UiUlEQWA  
SfH+13W21hE=NOtk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3148-01

Red Hat Security Advisory 2023-3143-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3143-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3143  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-102.11.0-2.el9_2.src.rpm

aarch64:  
firefox-102.11.0-2.el9_2.aarch64.rpm  
firefox-debuginfo-102.11.0-2.el9_2.aarch64.rpm  
firefox-debugsource-102.11.0-2.el9_2.aarch64.rpm  
firefox-x11-102.11.0-2.el9_2.aarch64.rpm

ppc64le:  
firefox-102.11.0-2.el9_2.ppc64le.rpm  
firefox-debuginfo-102.11.0-2.el9_2.ppc64le.rpm  
firefox-debugsource-102.11.0-2.el9_2.ppc64le.rpm  
firefox-x11-102.11.0-2.el9_2.ppc64le.rpm

s390x:  
firefox-102.11.0-2.el9_2.s390x.rpm  
firefox-debuginfo-102.11.0-2.el9_2.s390x.rpm  
firefox-debugsource-102.11.0-2.el9_2.s390x.rpm  
firefox-x11-102.11.0-2.el9_2.s390x.rpm

x86_64:  
firefox-102.11.0-2.el9_2.x86_64.rpm  
firefox-debuginfo-102.11.0-2.el9_2.x86_64.rpm  
firefox-debugsource-102.11.0-2.el9_2.x86_64.rpm  
firefox-x11-102.11.0-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXetzjgjWX9erEAQjeqhAAh/K0SyWl8IbZowaQrIVmgTZFH9DhymF7  
A/HdvrslYLvbJIODOobhYcx42BHv1lViEW5FwoHgP+Gozs3sJml01Dngs0RHxmzj  
oZNkDwzynlwvBX0Anp0lY4OvioAetRRM6h1rgNrhBYTcIHAEUHK5sGaON+biuy5T  
IpTDSESMV136ZkF8BkHX4rEqongYb35UvAb9hdy2fCuS1sYpi8qCYomCjsDuHI4P  
5bsGeWuxwz5Q6gpt+IwN4ObXYWEaqpFlT4FTGPVDKmcZeOKwFdpxkmSBO3/G5dqD  
iS3uu11y27QyKDL5vZ0atHRO+cc5TM5TY2VCmjXlyuXmnoVKZFT+Y+ZoWbgcIpYL  
TDgm0zbM7VdYAAtF46TEQvaysKdPJGBBxdi/NTlexZa1YUiLfSLWZwrPngNZaNB8  
/x8ZP7LNcO8iPTpBj98KFc/ttPwEeMHbNur97prZwprWHCGyNJVlhspf7YrSn5HB  
5mSlx2eZDC407s28EmueGY9hmYWWNOa6DQzCW2iZBJ6BpZqpY9BKdkQORUH1gbD0  
ggoFCMVeE9jSMm6evF7JORryp7gBBuoW9b7PZBHxzRJuIyMVwLBZnjy1z6XeMCoP  
KtvigAw6KP+/ZgSFVUgb9mfc7zyj04WDVeWwuJjTomnVjWDlaSUgnLrDGMx61Wsx  
25e+FwcsilY=oUqA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3143-01

Red Hat Security Advisory 2023-3153-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3153-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3153  
Issue date:        2023-05-16  
CVE Names:         CVE-2023-32205 CVE-2023-32206 CVE-2023-32207  
                   CVE-2023-32211 CVE-2023-32212 CVE-2023-32213  
                   CVE-2023-32215  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.11.0.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups  
(CVE-2023-32205)

* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-32207)

* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11  
(CVE-2023-32215)

* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)

* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)

* Mozilla: Potential memory corruption in FileReader::DoReadData()  
(CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196736 - CVE-2023-32205 Mozilla: Browser prompts could have been obscured by popups  
2196737 - CVE-2023-32206 Mozilla: Crash in RLBox Expat driver  
2196738 - CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking  
2196740 - CVE-2023-32211 Mozilla: Content process crash due to invalid wasm code  
2196741 - CVE-2023-32212 Mozilla: Potential spoof due to obscured address bar  
2196742 - CVE-2023-32213 Mozilla: Potential memory corruption in FileReader::DoReadData()  
2196753 - CVE-2023-32215 Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.11.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.11.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.11.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.11.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.11.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32205  
https://access.redhat.com/security/cve/CVE-2023-32206  
https://access.redhat.com/security/cve/CVE-2023-32207  
https://access.redhat.com/security/cve/CVE-2023-32211  
https://access.redhat.com/security/cve/CVE-2023-32212  
https://access.redhat.com/security/cve/CVE-2023-32213  
https://access.redhat.com/security/cve/CVE-2023-32215  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGQXjdzjgjWX9erEAQhLnRAAiBYKNQ2zJhN1Vj4Vei/iFiM4NyLq8mvl  
PxtWqaE/F8b5Zu1EumNlOu1mwq+iBHlYyzl1OS58n6xQidglrWNpmOsvXlgNCSVt  
f/qeRE86h4ZsLahdc3h31hsc4BrskcqsjnkeP5JoA085bYvBkTfH6CI1qXzi85eU  
eNTnu1Owyp1stCOrDh0vPW+p59ozGY9wa4A4pMSEy8l1R567VLokAP4FZ/wkLugs  
MNvdO6J6gkdHAnLXDmGFz0wmaftkdOPX/Lkl+ATnCN0tfq17S4d8S8gyN8T2RPBt  
BLBB66sTzmvaV3keBM5wex/1mJaruSsphP/22sWJ5TKv9SPjIrC5OjOxaspeVHPz  
3YHrfDzpXat3vOb0TLdXwQfZsAndAfznTB+XvxEARkBX3sECY8SWaCb8nEUsqmbz  
5bMjRA8owrv3bCmUb8nwPL2Y2WnlvQOzUKu5I5jZvtSfGOb6imLhpu2ep2WD8qkS  
mLTomXCcsUF7qyYO/aED4bYHciU2P6L1T8RaHsNOZHN7j1OE3sVqk10+tFW9SUXg  
21TYuU4y7kDWBRxfAw0zUW4IUghe097uc6hnnTDU+4G80mtNJeBcDylZ6LGnZfCO  
StjY35/A94TAOid38kNXL62eSM6ptheoG6KHlx9iy2YWWXpE5LhMgcDx6CF0wyQ3  
M3gw0UbjrEA=2g/y  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux