An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.

CVE-2023-22950: Data Loading Vulnerability

libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.

Hi, team  
There is a SEGV in function ControlObjectClient_setOrigin in src/iec61850/client/client_control.c:328 when called from libiec61850/examples/iec61850\_client\_example\_control/client\_example\_control.c:60.

Steps to reproduce:  
I used **gcc 9.4 and AddressSanitizer**(export CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address"before make examples) to build **libiec61850**.  
First, I run the server_example_simple in directory libiec61850/examples/server_example_simple by command sudo ./server_example_simple so that the server is set up.  
Then I tested client_example_control in directory libiec61850/examples/iec61850_client_example_control by command sudo ./client_example_control.  
But I got SEGV in function ControlObjectClient_setOrigin in src/iec61850/client/client_control.c:328.

    $ sudo ./client_example_control
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==12824==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000078 (pc 0x5638e2e178dc bp 0x7ffe9101eb20 sp 0x7ffe9101eb00 T0)
    ==12824==The signal is caused by a READ memory access.
    ==12824==Hint: address points to the zero page.
        #0 0x5638e2e178db in ControlObjectClient_setOrigin src/iec61850/client/client_control.c:328
        #1 0x5638e2e06190 in main /home/saltf1sh/target/libiec61850/examples/iec61850_client_example_control/client_example_control.c:60
        #2 0x7fc4901b70b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
        #3 0x5638e2e05dbd in _start (/home/saltf1sh/target/libiec61850/examples/iec61850_client_example_control/client_example_control+0x26dbd)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV src/iec61850/client/client_control.c:328 in ControlObjectClient_setOrigin
    ==12824==ABORTING

CVE-2023-27772: SEGV in function ControlObjectClient_setOrigin() · Issue #442 · mz-automation/libiec61850

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1765-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1765  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177685)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178200)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177685 - [23.C RHEL-8] Fast Datapath Release  
2178200 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.17-2.17.0-88.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQiMWg//d9j3aPfYak2tV8EI9xSItFv6WpoLCB4y  
rC4956fWN4hzmKSYHnrw4uvhEVPf1hsue5zJIO0VHlT5MqmwDn6wDjP//V8GC4lE  
JUmTZHQMcWlt/dZQm2mh2I0n4oR0y/4gY3f4kKXUPM0Mg1S1MAEahmm4S9NWAGF7  
f2nVf1b1PACs3E4QfStldiawDDmwPCe8zsaaCCVL9sIR/KZI6yoZOJu8RjCWHac6  
0kw6LpIDjOwoJ/tc2JMoP/1JORzA+6S0Lrg+ZI8Kd0qwL/6KOcBpgCYXYD1eyp60  
18At7rFMonFlOW2JG8A0ewe6MZDXoyJsWjNZl2xPXsa1tHT/jnK29EbXr14X40kx  
/fpSdiRr1zSfChCPFVedxaBWY9L2UoAUGx6TnGXNuNC1UTM0pseMfUMy7TAC4ZV4  
o6qH7hC4a2W1tOxndAq8MWGeh49pq1n/EjwF+deKU73ke834pwDfQFRO03YB4jjM  
myicYpRKimbd6TzFhunIaKJcEYGX5Jna6nBd50a2b5mfHOS/FKah2fmROTK8bRv8  
202/9CCCGWSzE3IlUT9JcamNcdre0xZHmkYXpyLTuW0keXp+wlb19aVR42ZtRq6L  
U+TiznvhSU3XuH7KxJJS0AQdi+zyBWSR24ADbE70nQfu0nP6hupQBo6Eg2dnhdva  
w5iYSsJ1/AA=J+dO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1769-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1769  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177686)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178203)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177686 - [23.C RHEL-9] Fast Datapath Release  
2178203 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch2.17-2.17.0-77.el9fdp.src.rpm

aarch64:  
openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

ppc64le:  
openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm

s390x:  
openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm

x86_64:  
openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgdjQ//RB88e003zD0P5VKlgcd8xQcxdHy8WkKp  
BksrNOZnjGEeUw3qyqjQaADC8SlmvEWCg7Vh3wxZvAE30nOQOHLZ3iZufvxHAxi3  
0MSyKGolC2W7jCtgEA3TMVu3yx/Pb5sh02iRh32Bp4q7B76blUt+MqR/6APyAHFP  
EOxCrGL4Uif1rC96U1tlexErOmHRdE/hSso/mw5NtP6E5kt27qiNJEsQC4ep3Csi  
61e6+T/dgH/cHso3t5JNX9zdijrSqJmXfc9G3gGxlfkYgUJo7su04Rpx757ufGi2  
sMKR6cEJJKB7kfyhGFys8txsJhsXG5sAMuLDowHEPn/TBtRq734EFIL+A3ksMUTR  
RmBDUqgycibn3uHkG3MOG9/JhJbCp6xA2B8I74ygWezjvbnLqILHvOzWO8PgXypV  
wIwlGBdtcICL2ORDelPznaCf/SltjFrOg0cOxo1IPIMakHYRsEuocyEnzpRH7IVl  
05x1i964/ur4B6j5m6qVJa9aX3eADHl2Tzkc9ykeYJ/Wv/W+LNksOTuxwRknGxn5  
MmMrMO87eF7uxALARIlo6UjggmT38A39cy/rdrlmT0BUHafLGe8sz7vwhklRwoAw  
GoEsPaDmN4hotvh94Unf89SwSXKKp1S8XG1+DIl091Rg1nkcSudBoC3k4PmYRSY+  
7qP7ZWcYyvk=xchJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1766-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1766  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177687)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch3.1 are advised to upgrade to these updated packages,  
which fixes these bugs.

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177687 - [23.C RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch3.1-3.1.0-17.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgq0Q//bKc0CM9R2JeB8Czrus6oTHhXpBt+ykbW  
ynNuGnQFwrIK2ToqHAvCXfbavCbP+ENebsxzCfKBzE0kL2KrTq5v/cgcETyWsc2O  
VJ+LxTeYOjuKXObO+aAQujcEpU89FiwXPcdyBr0ayuLof+tLuem78VQoPyDnMBmF  
zB9RIIOjznXOFPhwej8DokAziEVtjgKwWuh1/V4nYquIAFyP7hm4IQ26OkVLxhZG  
LNCXmHYFxwgqXBn9vEmTNuAjRZFHkyIHHH6ShZHwz//tK4EbwW5v+IvQpCa6rkHT  
beZh2ivr7t07J27xheD7AZPmat1dlOBmSo3yy67W9hC2t1YGp0ryaTyq1SZt2+h0  
a8+CF8870BjZidp6tLsRc5EMz+/WSoRatYn92WOfKnAyrMfSXgZvqpq94nv+oYJw  
uLA3FMc2mae7JDWVkl/K1TT8r2b9aUQk8qL0w1onAQComtOFbNzOvWfwQMp2PMZ9  
l13TQpJGEhu5NiXKUeQZvT+XLyuZ80DsyyPES080CQ3IdJ0uCcMpQDb346PJUfG6  
/kSMi0LiPRArFgQXWfL4EWNKPnEBeLJQmaFO7grNPAi8k4cuuiHbx2NTByAdQKFg  
ayKoM1ntNB6KGBVQnhScsELj6lFZp/RiBWpocpj1nHVxlIdwmbIqU8UIDK26QvrJ  
xi7Xxtsl0ZQ=aTXK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1770-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1770  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177688)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177688 - [23.C RHEL-9] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch3.1-3.1.0-14.el9fdp.src.rpm

aarch64:  
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

ppc64le:  
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

s390x:  
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

x86_64:  
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaLtzjgjWX9erEAQgWtw//Q8Uf6a/o/eN5OJxyMupZANRTuKoPOXeu  
vUuwVU6oVNklao0FCs3BkMUfoGagZfHqJiVtaJBp48hpHWprZ6CJ6Prc18k/KIkY  
hhN/z42p1fLC+J4JzMuA3cODHVc0JkXuRT1wMfGYfKq4RLPaW6jADVSIGzTIZhc9  
YtppXWcpp5cEgvoF9/NtZspKggFUWuXj4BymJ7fzmxGpDkHkaMMdMX+9+qTevpyP  
Kj0G9YfdmmUGWAaZ3Fm5/vh8otoeTDOU83YgTl+kQrflPg/PJVuTAiJ3cjA+Sl1U  
yZDyUxNwgSwvJ4PJKMif6SrNsvv1PQpxK9UE9Q8JWVlXVwvPw5aHpj9bhk5Kmv3n  
t/x37zdKWPbldBeuQlNpXTNAZ1YFGd5PSzseR8fJXoyinhcT+ATC4mAyWhoq5+B5  
J7NLCxJDXfO8pzBbnv5whaDS3fztXbFpKQC5wC26x/az4Fci2+y2EX9TTxYTyA2P  
JZ0zp4wZpHHk78xoSPOMGuvURwl9NYGPQvLtztg6sOFx/XDwC3fws+SGTkeUJjfw  
xiAdisM4JAujDR0jiMRBe+WkElVF1uaT1KolLQPxu9kxcNuLJ/Qr62kBjsPfgkF0  
feZT3Uui2ZZhuX/F/z74OkKS+ke9dIeN75d6KpYiMfaJdYpRC2rmU6f1aQBfcVik  
dd1tBu49mHM=xop/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1770-01

Red Hat Security Advisory 2023-1747-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1747-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1747  
Issue date:        2023-04-12  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDcxWNzjgjWX9erEAQi/AA/9GNdQctKqRnMI2c+jyjs/LF5USS5Qx3dk  
axfQaGBzI7jYtBReNbGlVnlQzS+/DjiChUfl2m2YU1pAhhO3B7/Nd5t6xC9mMkUN  
Itvzu46P1pPCt0pURc+BEpC6PxIHq6cFpEeS9L52FFWjUTYKH/IeIb3Po0XGtyZ1  
lHIOjqvAZTXSi+7IR07pXBKNy03vUNVdVcRDqNkls9FFfKDsx11/KgoIksWxkBtC  
oiuhLaMzlsmmL2VC60ZbrGKBstOIalL+X1p1JmG3W5aRFiIu90MeyHpX1cQwldlD  
mWzKZUG/e8KI7iFufQZ6nsHGrCvREWDncpbUcRxilRI1jBPqI5cJfol2CKmrAMT7  
UWhn4WMfBGmKr7heUxemxJowFtlRSbzz0I95qW5J3JA74JjsMDxkLwWnTlLf70yo  
F71oy0IJWSdQ776bkR9oy7ZlcLioNhFEtGR9/kDc2AKdP1bc+hNZV2s/2UYC0aSj  
4Nx3gJp8g1PcnwDMJwL3KvxA4DWZ4YhJ2lInSqGQ37WyIr/7OPknjWaVdzb1unvl  
fRjWygiwJ90zEOv2gkyVAa01GrScO/xi6ppR1am6lXVGdUcmZYYs3jeL0ajEEkvo  
g/3hqWgqcai9a8DkaubbwhwPDpia+s38CjRQML3AD+k+02IZcOr1pcNFygy/BLyR  
TppOjgbEuAk=PPtl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1747-01

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6014-1  
April 12, 2023

linux, linux-kvm, linux-lts-xenial vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-kvm: Linux kernel for cloud environments  
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP  
implementation in the Linux kernel did not properly handle IPID assignment.  
A remote attacker could use this to cause a denial of service (connection  
termination) or inject forged data. (CVE-2020-36516)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,  
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre  
Variant 2 mitigations for AMD processors on Linux were insufficient in some  
situations. A local attacker could possibly use this to expose sensitive  
information. (CVE-2021-26401)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did  
not adequately limit the number of events driver domains (unprivileged PV  
backends) could send to other guest VMs. An attacker in a driver domain  
could use this to cause a denial of service in other guest VMs.  
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Wolfgang Frisch discovered that the ext4 file system implementation in the  
Linux kernel contained an integer overflow when handling metadata inode  
extents. An attacker could use this to construct a malicious ext4 file  
system image that, when mounted, could cause a denial of service (system  
crash). (CVE-2021-3428)

It was discovered that the IEEE 802.15.4 wireless network subsystem in the  
Linux kernel did not properly handle certain error conditions, leading to a  
null pointer dereference vulnerability. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2021-3659)

It was discovered that the System V IPC implementation in the Linux kernel  
did not properly handle large shared memory counts. A local attacker could  
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

Alois Wohlschlager discovered that the overlay file system in the Linux  
kernel did not restrict private clones in some situations. An attacker  
could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the SCTP protocol implementation in the Linux kernel  
did not properly verify VTAGs in some situations. A remote attacker could  
possibly use this to cause a denial of service (connection disassociation).  
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle locking in certain error conditions. A local  
attacker could use this to cause a denial of service (kernel deadlock).  
(CVE-2021-4149)

Jann Horn discovered that the socket subsystem in the Linux kernel  
contained a race condition when handling listen() and connect() operations,  
leading to a read-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2021-4203)

It was discovered that the file system quotas implementation in the Linux  
kernel did not properly validate the quota block number. An attacker could  
use this to construct a malicious file system image that, when mounted and  
operated on, could cause a denial of service (system crash).  
(CVE-2021-45868)

Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did  
not properly handle device removal, leading to a use-after-free  
vulnerability. A physically proximate attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0487)

It was discovered that the block layer subsystem in the Linux kernel did  
not properly initialize memory in some situations. A privileged local  
attacker could use this to expose sensitive information (kernel memory).  
(CVE-2022-0494)

It was discovered that the UDF file system implementation in the Linux  
kernel could attempt to dereference a null pointer in some situations. An  
attacker could use this to construct a malicious UDF image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2022-0617)

David Bouman discovered that the netfilter subsystem in the Linux kernel  
did not initialize memory in some situations. A local attacker could use  
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the implementation of the 6pack and mkiss protocols  
in the Linux kernel did not handle detach events properly in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system crash).  
(CVE-2022-1195)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol  
implementation in the Linux kernel, leading to use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash). (CVE-2022-1205)

It was discovered that the tty subsystem in the Linux kernel contained a  
race condition in certain situations, leading to an out-of-bounds read  
vulnerability. A local attacker could possibly use this to cause a denial  
of service (system crash) or expose sensitive information. (CVE-2022-1462)

It was discovered that the implementation of X.25 network protocols in the  
Linux kernel did not terminate link layer sessions properly. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-1516)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux  
kernel, leading to a use-after-free vulnerability. A privileged local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not  
properly prevent context switches from occurring during certain atomic  
context operations. A privileged local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-1975)

It was discovered that the HID subsystem in the Linux kernel did not  
properly validate inputs in certain conditions. A local attacker with  
physical access could plug in a specially crafted USB device to expose  
sensitive information. (CVE-2022-20132)

It was discovered that the device-mapper verity (dm-verity) driver in the  
Linux kernel did not properly verify targets being loaded into the device-  
mapper table. A privileged attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-20572,  
CVE-2022-2503)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the  
Linux kernel did not properly handle very small reads. A local attacker  
could use this to cause a denial of service (system crash). (CVE-2022-2380)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did  
not properly handle data lengths in certain situations. A privileged  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-2991)

It was discovered that the Intel 740 frame buffer driver in the Linux  
kernel contained a divide by zero vulnerability. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2022-3061)

Jiasheng Jiang discovered that the wm8350 charger driver in the Linux  
kernel did not properly deallocate memory, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3111)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform bounds checking in some situations. A  
physically proximate attacker could use this to craft a malicious USB  
device that when inserted, could cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-3628)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

It was discovered that the infrared transceiver USB driver did not properly  
handle USB control messages. A local attacker with physical access could  
plug in a specially crafted USB device to cause a denial of service (memory  
exhaustion). (CVE-2022-3903)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB core subsystem in the Linux kernel did not  
properly handle nested reset events. A local attacker with physical access  
could plug in a specially crafted USB device to cause a denial of service  
(kernel deadlock). (CVE-2022-4662)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did  
not properly initialize a data structure, leading to a null pointer  
dereference vulnerability. An attacker could use this to cause a denial of  
service (system crash). (CVE-2023-1095)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate attributes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   linux-image-4.4.0-1118-kvm      4.4.0-1118.128  
   linux-image-4.4.0-239-generic   4.4.0-239.273  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273  
   linux-image-generic             4.4.0.239.245  
   linux-image-generic-lts-xenial  4.4.0.239.245  
   linux-image-kvm                 4.4.0.1118.115  
   linux-image-lowlatency          4.4.0.239.245  
   linux-image-lowlatency-lts-xenial  4.4.0.239.245  
   linux-image-virtual             4.4.0.239.245  
   linux-image-virtual-lts-xenial  4.4.0.239.245

Ubuntu 14.04 ESM:  
   linux-image-4.4.0-239-generic   4.4.0-239.273~14.04.1  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273~14.04.1  
   linux-image-generic-lts-xenial  4.4.0.239.207  
   linux-image-lowlatency-lts-xenial  4.4.0.239.207  
   linux-image-virtual-lts-xenial  4.4.0.239.207

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6014-1  
   CVE-2020-36516, CVE-2021-26401, CVE-2021-28711, CVE-2021-28712,  
   CVE-2021-28713, CVE-2021-3428, CVE-2021-3659, CVE-2021-3669,  
   CVE-2021-3732, CVE-2021-3772, CVE-2021-4149, CVE-2021-4203,  
   CVE-2021-45868, CVE-2022-0487, CVE-2022-0494, CVE-2022-0617,  
   CVE-2022-1016, CVE-2022-1195, CVE-2022-1205, CVE-2022-1462,  
   CVE-2022-1516, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132,  
   CVE-2022-20572, CVE-2022-2318, CVE-2022-2380, CVE-2022-2503,  
   CVE-2022-2663, CVE-2022-2991, CVE-2022-3061, CVE-2022-3111,  
   CVE-2022-3303, CVE-2022-3628, CVE-2022-36280, CVE-2022-3646,  
   CVE-2022-36879, CVE-2022-3903, CVE-2022-39188, CVE-2022-41218,  
   CVE-2022-41849, CVE-2022-41850, CVE-2022-4662, CVE-2022-47929,  
   CVE-2023-0394, CVE-2023-1074, CVE-2023-1095, CVE-2023-1118,  
   CVE-2023-23455, CVE-2023-26545, CVE-2023-26607

Ubuntu Security Notice USN-6014-1

Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5386-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 12, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813                 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817                 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821                 CVE-2023-1822 CVE-2023-1823Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.49-2~deb11u2.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ27IkACgkQEMKTtsN8TjZJnRAAmqQ2oitZ8Xe6N7LFmTq9sADGRMIpupykpRNnPRItA6tVGyDK/yfZnURzD3PTe3uvNx+W8GY+cam3PVjVrPBOXBIga+0NX7krtrs/yIsdKPw0M5EuMiAIl/zwAdoPb8joxdgXMcdDU778iGrx7F0U8/L2cznVSxPP/KZLdEVu35ZoIPxNmH1AmOI91qWoraFdCbLutmtqwTDBwbq+Mk2uzGLlYAhhjEettIArw61unBpi6fMWoCDRSRvIHdXpQWya6WN0MfrUWgtWtQCoqIjyixCOhGVOxYoDrVzJNFDfKZ50eHCwwQxFQPTeK4xk4XBqrh7FnByEAURtZ9dgn3jRdAKZbKsaRQcCYRtGRkbllYD6jYoRTAru+L6b5BKiOL2HZ9Degy53JLNbc92yHpUMnn8oX3AKJM/GKmd053DJkLBP4eVfjh+EyR5cdI4m/pl8zhhQCqt9f7iKoCQPeJe2egMDVg0+Jf1o4oP5117sazBTmsx5yNcsBKHa4jhCUcNxan+7BeRM11edcKkNLDlq/YNC7+ZsqqR6Fps1/rLTgQ0L0LqW2OuEfKfUrfOd9B4G/uWHlYzQepxLy+AcUYnoCekFBHZJ+jtlkwVQ2PBgJ7crSGSWrbfjq0M1NSb9iOlchyINbnvkY3s+YDU0IZcOJqt5lNCrQ0paysYt/+pv994=9/cQ-----END PGP SIGNATURE-----

Debian Security Advisory 5386-1

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5385-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 12, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536  
                 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550  
Debian Bug     : 982794

Multiple security issues have been found in the Mozilla Firefox  
web browser, which could potentially result in the execution  
of arbitrary code or spoofing.

For the stable distribution (bullseye), these problems have been fixed in  
version 102.10.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQ28JsACgkQEMKTtsN8  
TjbdRg/8DSoN4DTk+CAuIooGwX0fON/G7DgsrGR+dFwQEBd/PMf7Hy+A9EpjOO7E  
IeXK4XHNOV8qbAx3wQ3E9R6oZT//rvgXjYbiNY717OUkK1D7C5QJEinJsY57J2WX  
TW4Q27RuPVVft9sCsKkq47yQE+XT11Z7FuQ+L8xOSZ8+adfvhKhrlZGtzSd9Olux  
1XNmYgJGXu0IEzm5lqWzu+zvraY/yZbOFMStdu3t/tF+jIA2O6v25E2xczObOepv  
TbynApqS1YAH7qlbvjE31qZ3J0mTWhPLtdo6OBKucpc1KBRuSJYcC5sUoGZ5dFrl  
5+K3YfOlPjTww94mx1Own1WDyNw+g37lEGt5enQ/EkWSVKK4co/pzCvzmc7xxzr9  
64ukerv/C94KjSdmPPr6kr4qjUJThs/XlFTbhbPvRRL0Blk/fIJuG1dALXk2R2Ut  
4La0T9h0tGoEoLDGoI1A/cKl2cLnpGg0LeLxWhMysVcYSFcza/0EfYmGtDbRp5iv  
bB+vlpYjjWaNyx+ZtxDtbPtZ9ZmTOKPjrQ+bJFAEYqykIAlueC3bBwqpMz5SxPqg  
NDxWoGK13S//9Ug3c/GPcxNNiV1jNPxuG9Dy3Kq1/LHKrDtnYOfjXrg7nqelRSHS  
1NVzxuTD/0lV8tlo/806hoZToxINqi+c13/Nm5GnDiMzdg3u/hQ=RuqS  
-----END PGP SIGNATURE-----

Tag

#linux